Hardware IP Address Blocking

When the firewall blocks a source IP address (for example, because of a Classified DoS Protection policy rule with the Action set to Protect, or a Security policy with a Vulnerability Protection profile), it automatically blocks that traffic in hardware, before those packets use CPU or packet buffer resources.
Hardware IP address blocking is supported on PA-3060 firewalls, PA-3050 firewalls, PA-5000 Series firewalls, PA-5200 Series firewalls, and PA-7000 Series firewalls.
You can Monitor Blocked IP Addresses, for example to get more information about an IP address on the block list, change how long hardware blocks IP addresses, and delete an IP address from the list if you think it shouldn’t be blocked.
  1. View block list entries.
    1. Select Monitor > Block IP List.
      Entries on the block list indicate whether they were blocked by hardware (hw) or software (sw).
    2. To view details about an address on the block list, hover over a Source IP address and click the down arrow link. Click the Who Is link, which displays Network Solutions Who Is information about the address.
  2. Delete block list entries.
    You might want to delete an entry if you determine an IP address shouldn’t be blocked. You should then revise the policy rule that caused the firewall to block the address.
    1. Select Monitor > Block IP List.
    2. Select one or more entries and click Delete.
