Block IP List Entries
The following table explains the block list entry for a source IP address that the firewall is blocking.
Month/day and hours:minutes:seconds when the IP address went on the Block IP List.
Type of block action: whether the hardware (hw) or software (sw) blocked the IP address.
When you configure a DoS Protection policy or a Security policy that uses a Vulnerability Protection profile to block connections from source IPv4 addresses, the firewall automatically blocks that traffic in hardware before those packets use CPU or packet buffer resources. If attack traffic exceeds the blocking capacity of the hardware, the firewall uses software to block the traffic.
Source IP Address
Source IP address of the packet that the firewall blocked.
Security zone assigned to the interface where the packet entered the firewall.
Number of seconds remaining for the IP address to be on the Block IP List.
Name of the classified DoS Protection profile or Vulnerability protection object name where you specified the Block IP action.
Total Blocked IPs: x out of y (z% used)
Count of blocked IP addresses (x) out of the number of blocked IP addresses the firewall supports (y), and the corresponding percentage of blocked IP addresses used (z).
Monitor Block List
Monitor Block List There are two ways you can cause the firewall to place an IP address on the block list: Configure a Vulnerability Protection ...
Monitor Blocked IP Addresses
Monitor Blocked IP Addresses The firewall maintains a block list of source IP addresses that it’s blocking. When the firewall blocks a source IP address, ...
Multiple-Session DoS Attack
Multiple-Session DoS Attack Configure DoS Protection Against Flooding of New Sessions by configuring a DoS Protection policy rule, which determines the criteria that, when matched ...
Monitor > Block IP List
Monitor > Block IP List You can configure the firewall to place IP addresses on the block list in several ways, including the following: Configure ...
Packet Buffer Protection
Protect the firewall’s packet buffers from single-session DoS attacks that attempt to take down the firewall. ...
Widget Descriptions Each tab on the ACC includes a different set of widgets. Widget Description Network Activity —Displays an overview of traffic and user activity ...
Customize the Action and Trigger Conditions for a Brute For...
Customize the Action and Trigger Conditions for a Brute Force Signature The firewall includes two types of predefined brute force signatures—parent signatures and child signatures. ...
Best Practices for Securing Your Network from Layer 4 and L...
Best Practices for Securing Your Network from Layer 4 and Layer 7 Evasions To monitor and protect your network from most Layer 4 and Layer ...
Follow Post Deployment DoS and Zone Protection Best Practices
DoS and Zone Protection post-deployment best practices ensure that everything is functioning as expected and help you maintain the deployment. ...