Re: Block traffic coming from known malicious IP a...

Olga_Kuts · ‎2017-07-10

How can we block traffic coming from known dynamic list of malicious IP addresses using SmartConsole? (Not through the ssh console as described in sk103154)

PhoneBoy · ‎2017-07-10

As far as I know, there is no SmartConsole way to do this currently.

This is planned for later releases.

As an alternative to sk103154, you might want to look at CP Dynamic Block Lists maintained by Daniel Husand which makes use of several dynamic block lists.

Christian_Hurta · ‎2018-09-20

Is there a way to use this with a proxy or does it need to have direct access from the gateway? Talking about R77.30

PhoneBoy · ‎2018-09-20

I don't believe his script supports this.

Ryan_St__Germai · ‎2017-07-11

Could the Indicators feature within Threat Prevention also solve this for the time being? Create a CSV of the known malicious IP's then import through SmartConsole within the Threat Prevention tab?

PhoneBoy · ‎2017-07-11

That's another possibility as well.

Nir_Naaman · ‎2017-07-23

Note that IPs entered via the Indicators feature will only be used by the Anti-Bot blade, which applies only to outbound HTTP connections. Inbound connections from these IPs will not be blocked.

Richard_Amos · ‎2018-09-05

Is that still true (outbound blocks)? According to the IOC help page at - SmartConsole R80.10 Help - You can choose to use the AV blade (the default) or AB.

Thomas_Eichelbu · ‎2020-09-23

Hello!

Thats a cool thing, is it already supported at R80.30?
Iam sorry to say i have not tried it yet ...
If you say it runs at r80.30 , or somebody has tested it successully, i will try it.

best regards

Are you a member of CheckMates?

Block traffic coming from known malicious IP addresses