Where Can I Use
This? | What Do I Need? |
| |
The firewall maintains a block list of source
IP addresses that it’s blocking. When the firewall blocks a source
IP address, such as when you configure either of the following policy
rules, the firewall blocks that traffic in hardware before those
packets use CPU or packet buffer resources:
A classified
DoS Protection policy rule with the action to
Protect (a
classified DoS Protection policy specifies that incoming connections
match a source IP address, destination IP address, or source and
destination IP address pair, and is associated with a Classified
DoS Protection profile, as described in
DoS Protection Against Flooding
of New Sessions).
Hardware IP address blocking is supported on PA-3200 Series, PA-5200 Series, PA-5450, and PA-7000
Series firewalls.
You
can view the block list, get detailed information about an IP address
on the block list, or view counts of addresses that hardware and software
are blocking. You can delete an IP address from the list if you
think it shouldn’t be blocked. You can change the source of detailed
information about addresses on the list. You can also change how
long hardware blocks IP addresses.