Monitor Block List
There are two ways you can cause the firewall to place an IP address on the block list:
- Configure a Vulnerability Protection profile with a rule to Block IP connections and apply the profile to a Security policy, which you apply to a zone.
- Configure a DoS Protection policy rule with the Protect action and a Classified DoS Protection profile, which specifies a maximum rate of connections per second allowed. When incoming packets match the DoS Protection policy and exceed the Max Rate, and if you specified a Block Duration and a Classified policy rule to include source IP address, the firewall puts the offending source IP address on the block list.
In the cases described above, the firewall automatically blocks that traffic in hardware before those packets use CPU or packet buffer resources. If attack traffic exceeds the blocking capacity of the hardware, the firewall uses IP blocking mechanisms in software to block the traffic.
The firewall automatically creates a hardware block list entry based on your Vulnerability Protection profile or DoS Protection policy rule; the source address from the rule is the source IP address in the hardware block list.
Entries on the block list indicate in the Type column whether they were blocked by hardware (hw) or software (sw). The bottom of the screen displays:
- Count ofTotal Blocked IPsout of the number of blocked IP addresses the firewall supports.
- Percentage of the block list that the firewall has used.
To view details about an address on the block list, hover over a Source IP address and click the down arrow link. Click the Who Is link, which displays the Network Solutions Who Is feature, providing information about the address.
For information on configuring a Vulnerability Protection profile, see Customize the Action and Trigger Conditions for a Brute Force Signature. For more information on block list and DoS Protection profiles, see DoS Protection Against Flooding of New Sessions.
Block IP List Entries
Block IP List Entries The following table explains the block list entry for a source IP address that the firewall is blocking. Field Description Block ...
Monitor Blocked IP Addresses
Monitor Blocked IP Addresses The firewall maintains a block list of source IP addresses that it’s blocking. When the firewall blocks a source IP address, ...
Multiple-Session DoS Attack
Multiple-Session DoS Attack Configure DoS Protection Against Flooding of New Sessions by configuring a DoS Protection policy rule, which determines the criteria that, when matched ...
Monitor > Block IP List
Monitor > Block IP List You can configure the firewall to place IP addresses on the block list in several ways, including the following: Configure ...
Deploy DoS and Zone Protection Using Best Practices
DoS and Zone Protection deployment best practices help to ensure a smooth rollout that protects your network and your most critical servers. ...
Objects > Security Profiles > DoS Protection
Objects > Security Profiles > DoS Protection DoS Protection profiles are designed for high-precision targeting and they augment Zone Protection profiles. A DoS Protection profile ...
Follow Post Deployment DoS and Zone Protection Best Practices
DoS and Zone Protection post-deployment best practices ensure that everything is functioning as expected and help you maintain the deployment. ...
Protect your data center web servers and the firewall from DoS attacks to prevent attackers from taking down your data center network. ...
Classified Versus Aggregate DoS Protection
Protect groups of devices with aggregate DoS protection and protect critical individual devices with classified DoS protection. ...