R80.20 - IP blacklist in SecureXL

Document created by Heiko Ankenbrand Champion on Oct 1, 2018
Last modified by Heiko Ankenbrand Champion on Oct 17, 2018
Version 7

Controls the IP blacklist in SecureXL. The blacklist blocks all traffic to and from the specified IP addresses.

Blacklist drops occur in SecureXL, which is more efficient than dropping the packets with an Access Control Policy.

This can be very helpful, e.g. during DoS attacks, to block an IP address at the SecureXL level.

 

For example, the traffic from and to IP 1.2.3.4 should be blocked at SecureXL level.

 

On the gateway, add the IP 1.2.3.4 to the SecureXL blacklist:

# fwaccel dos blacklist -a 1.2.3.4

 

On the gateway, display all IPs on the SecureXL blacklist:

# fwaccel dos blacklist -s

 

On the gateway, delete the IP 1.2.3.4 from the SecureXL blacklist:

# fwaccel dos blacklist -d 1.2.3.4
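
The following is an added example, not part of the original post or of Check Point's tooling. It generalizes the single-address add step to a list read from stdin, rejecting malformed IPv4 addresses and any address on a protected list, since a blacklisted IP loses all traffic to and from the gateway. The FWACCEL and PROTECTED variables and both function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: bulk-load IPv4 addresses into the SecureXL blacklist.
# FWACCEL and PROTECTED are assumptions of this example, not Check Point settings.
FWACCEL="${FWACCEL:-fwaccel}"
PROTECTED="${PROTECTED:-}"   # space-separated IPs that must never be blocked

# Return 0 only for a dotted quad whose four octets are each 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # digits and dots only, no empty octet
    esac
    _old_ifs=$IFS; IFS=.
    set -- $1                                  # split the address on dots
    IFS=$_old_ifs
    [ "$#" -eq 4 ] || return 1
    for _o in "$@"; do
        [ "${#_o}" -le 3 ] && [ "$_o" -le 255 ] || return 1
    done
    return 0
}

# Read one address per line from stdin ('#' comments and blank lines allowed),
# run "fwaccel dos blacklist -a" for each accepted address, print a summary.
blacklist_bulk() {
    added=0; skipped=0
    while IFS= read -r line || [ -n "$line" ]; do
        ip=$(printf '%s' "${line%%#*}" | tr -d '[:space:]')
        [ -z "$ip" ] && continue
        if ! valid_ipv4 "$ip"; then
            echo "skip (not IPv4): $ip" >&2; skipped=$((skipped + 1)); continue
        fi
        case " $PROTECTED " in
            *" $ip "*)
                echo "skip (protected): $ip" >&2; skipped=$((skipped + 1)); continue ;;
        esac
        # stdin from /dev/null so the command cannot consume the address list
        if "$FWACCEL" dos blacklist -a "$ip" </dev/null; then
            added=$((added + 1))
        else
            echo "failed: $ip" >&2; skipped=$((skipped + 1))
        fi
    done
    echo "added=$added skipped=$skipped"
}
```

Put the management station and other critical addresses in PROTECTED before feeding in a list, and check the result afterwards with fwaccel dos blacklist -s.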

 

Very nice new function in R80.20!

 

 

Furthermore, there is also the Penalty Box whitelist in SecureXL.

 

The SecureXL Penalty Box is a mechanism that performs an early drop of packets that arrive from suspected sources. The purpose of this feature is to allow the Security Gateway to cope better under high traffic load, possibly caused by a DoS/DDoS attack. The SecureXL Penalty Box detects clients that send packets that the Access Control Policy drops, and clients that violate the IPS protections. If the SecureXL Penalty Box detects a specific client frequently, it puts that client in a penalty box. From that point, SecureXL drops all packets that arrive from the blocked source IP address. The Penalty Box whitelist in SecureXL lets you configure the source IP addresses that the SecureXL Penalty Box never blocks.

 

More information is available in the following guide:

Command Line Interface R80.20 Reference Guide

 

Regards,

Heiko
