cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Olga_Kuts
Silver

Block traffic coming from known malicious IP addresses

How can we block traffic coming from known dynamic list of malicious IP addresses using SmartConsole? (Not through the ssh console as described in sk103154)

7 Replies
Admin
Admin

Re: Block traffic coming from known malicious IP addresses

As far as I know, there is no SmartConsole way to do this currently.

This is planned for later releases. 

As an alternative to sk103154, you might want to look at CP Dynamic Block Lists maintained by Daniel Husand which makes use of several dynamic block lists.

Re: Block traffic coming from known malicious IP addresses

Is there a way to use this with a proxy or does it need to have direct access from the gateway? Talking about R77.30

0 Kudos
Admin
Admin

Re: Block traffic coming from known malicious IP addresses

I don't believe his script supports this.

0 Kudos

Re: Block traffic coming from known malicious IP addresses

Could the Indicators feature within Threat Prevention also solve this for the time being? Create a CSV of the known malicious IP's then import through SmartConsole within the Threat Prevention tab?

0 Kudos
Admin
Admin

Re: Block traffic coming from known malicious IP addresses

That's another possibility as well.

0 Kudos
Employee
Employee

Re: Block traffic coming from known malicious IP addresses

Note that IPs entered via the Indicators feature will only be used by the Anti-Bot blade, which applies only to outbound HTTP connections. Inbound connections from these IPs will not be blocked.

0 Kudos

Re: Block traffic coming from known malicious IP addresses

Is that still true (outbound blocks)?  According to the IOC help page at - SmartConsole R80.10 Help - You can choose to use the AV blade (the default) or AB.

0 Kudos