07-Blacklist
Introduction
The blacklist feature is an attack prevention method that filters packets by IP addresses or address object groups in blacklist entries. Compared with ACL-based packet filtering, IP blacklist filtering is simpler and provides effective screening at a faster speed.
Blacklist entries can be manually added or dynamically learned:
· You can manually add an IP blacklist entry. These entries do not age out by default. You can set an aging time for each entry.
· The device can automatically add IP blacklist entries when collaborating with scanning attack detection. Each dynamically learned IP blacklist entry has an aging time, which is user configurable. Make sure adding the attacker's IP address to the IP blacklist is specified as the scanning attack prevention action.
Configure the blacklist
The blacklist feature is an attack prevention method that filters packets by IP addresses or address object groups in blacklist entries.
The device can automatically add IP blacklist entries when the blacklist feature collaborates with scanning attack detection. Make sure adding the attacker's IP address to the IP blacklist is specified as the scanning attack prevention action.
Configure the IP blacklist
1. Click the Policies tab.
2. In the navigation pane, select Attack Defense > Blacklist.
3. Click Create.
4. Add an IP blacklist entry.
Table 1 IP blacklist configuration items

Item | Description |
---|---|
VRF | VRF to which the blacklist belongs. You can select an existing VRF or create a new one. The newly created VRF will be displayed on the Network > VRF page. |
Match field | Packet field to compare with the criterion: Source IP address or Destination IP address. |
IP address | IP address in the blacklist entry. Packets sourced from or destined to the IP address will be dropped. |
DS-Lite tunnel peer address | IPv6 address of the B4 element of the DS-Lite tunnel that transmits packets from the blacklisted IPv4 address. This parameter is available when IPv4 is selected for IP version, and Source IP is selected for the match field. |
Aging time (sec) | Aging time of the blacklist entry. If you do not set the aging time, the blacklist entry never ages out. You must delete it manually. |
5. Click OK. The IP Blacklist page displays the newly added IP blacklist.
6. Click Enable globally. The IP blacklist takes effect on all security zones.
Configure the address object group blacklist
1. Click the Policies tab.
2. In the navigation pane, select Attack Defense > Blacklist.
3. Click the Address Object Group Blacklist tab.
4. Click Add.
5. Add an address object group blacklist entry.
Table 2 Address object group blacklist configuration items

Item | Description |
---|---|
Object group type | Select a type of address object groups, IPv4 or IPv6. |
Object group name | Enter the name of an address object group. |
6. Click OK. The Address Object Group Blacklist page displays the newly added address object group blacklist.
7. Click Enable globally. The address object group blacklist takes effect on all security zones.
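The following Python model is an added example, not code from the device or its vendor. It models the behaviour described in the Introduction and in Tables 1 and 2: entries that match on the source or destination address, manual entries that never age out unless an aging time is set, dynamically learned entries with a configurable aging time, address object group entries that must be all IPv4 or all IPv6, and the global enable switch. The class and method names (Blacklist, BlacklistEntry, learn_from_scan_detection), the 600 second default aging time for learned entries, and the sample addresses are constructed assumptions; VRF membership and the DS-Lite tunnel peer address are not modelled.

```python
"""Model of the IP blacklist described on this page (added example, not device code).

Constructed assumptions: class and method names, the 600 s default aging time
for dynamically learned entries, and the sample addresses (RFC 5737 ranges).
VRF membership and the DS-Lite tunnel peer address are not modelled.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class BlacklistEntry:
    """One entry: a single host address or a named address object group."""
    name: str                           # IP address or object group name
    networks: tuple                     # prefixes the entry covers
    match_field: str                    # "source" or "destination"
    added_at: float                     # creation time in seconds
    aging_time: Optional[float] = None  # None: never ages out (manual default)
    dynamic: bool = False               # learned from scanning attack detection

    def expired(self, now: float) -> bool:
        return self.aging_time is not None and now - self.added_at >= self.aging_time

    def covers(self, addr) -> bool:
        # 'in' is False across IP versions, so IPv4 packets never hit IPv6 entries
        return any(addr in net for net in self.networks)


class Blacklist:
    def __init__(self, dynamic_aging_time: float = 600.0):
        self.entries = []                             # list of BlacklistEntry
        self.dynamic_aging_time = dynamic_aging_time  # aging for learned entries
        self.enabled_globally = False                 # the "Enable globally" switch

    @staticmethod
    def _check_field(match_field: str) -> None:
        if match_field not in ("source", "destination"):
            raise ValueError("match field must be 'source' or 'destination'")

    def add_ip(self, ip, match_field="source", aging_time=None, now=0.0):
        """Manually add an IP entry (Table 1); it never ages out unless aging_time is set."""
        self._check_field(match_field)
        net = ipaddress.ip_network(ip)  # a host address becomes a /32 or /128
        self.entries.append(BlacklistEntry(ip, (net,), match_field, now, aging_time))

    def add_object_group(self, name, prefixes, match_field="source", now=0.0):
        """Blacklist an address object group (Table 2); a group is IPv4 or IPv6, not both."""
        self._check_field(match_field)
        nets = tuple(ipaddress.ip_network(p, strict=False) for p in prefixes)
        if len({n.version for n in nets}) != 1:
            raise ValueError("object group must be all IPv4 or all IPv6")
        self.entries.append(BlacklistEntry(name, nets, match_field, now))

    def learn_from_scan_detection(self, attacker_ip, now):
        """Prevention action 'add to blacklist': a dynamic source entry with aging."""
        net = ipaddress.ip_network(attacker_ip)
        for entry in self.entries:             # refresh instead of duplicating
            if entry.dynamic and entry.networks == (net,):
                entry.added_at = now
                return entry
        entry = BlacklistEntry(attacker_ip, (net,), "source", now,
                               self.dynamic_aging_time, dynamic=True)
        self.entries.append(entry)
        return entry

    def expire(self, now):
        """Purge aged-out entries; return how many were removed."""
        before = len(self.entries)
        self.entries = [e for e in self.entries if not e.expired(now)]
        return before - len(self.entries)

    def verdict(self, src, dst, now):
        """'drop' if a live entry matches the packet's selected field, else 'forward'."""
        if not self.enabled_globally:
            return "forward"
        src_addr, dst_addr = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for entry in self.entries:
            if entry.expired(now):              # aged out but not yet purged
                continue
            addr = src_addr if entry.match_field == "source" else dst_addr
            if entry.covers(addr):
                return "drop"
        return "forward"


def build_demo():
    """Blacklist populated with constructed sample entries (times are seconds)."""
    bl = Blacklist(dynamic_aging_time=300.0)
    bl.add_ip("198.51.100.7")                                   # manual, never ages out
    bl.add_ip("203.0.113.9", "destination", aging_time=60.0)    # manual, ages out at t=60
    bl.add_object_group("scanners-v4", ["192.0.2.0/24"])        # object group entry
    bl.learn_from_scan_detection("100.64.0.5", now=100.0)       # dynamic, ages out at t=400
    bl.enabled_globally = True                                  # "Enable globally"
    return bl


if __name__ == "__main__":
    demo = build_demo()
    print(demo.verdict("198.51.100.7", "10.0.0.1", 0.0))    # manual source entry
    print(demo.verdict("100.64.0.5", "10.0.0.1", 400.0))    # dynamic entry has aged out
    print(demo.expire(400.0), "entries removed")
```

Two behaviours are worth noting. An entry whose match field is Source IP does not drop packets destined to that address (the second assert below), which is why Table 1 exposes the match field at all. And an aged-out entry stops matching as soon as its aging time elapses, whether or not the periodic purge in `expire()` has run yet, so no packet is dropped by a stale entry.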