Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Olga_Kuts
Advisor

Block traffic coming from known malicious IP addresses

How can we block traffic coming from known dynamic list of malicious IP addresses using SmartConsole? (Not through the ssh console as described in sk103154)

8 Replies
PhoneBoy
Admin
Admin

As far as I know, there is no SmartConsole way to do this currently.

This is planned for later releases. 

As an alternative to sk103154, you might want to look at CP Dynamic Block Lists maintained by Daniel Husand which makes use of several dynamic block lists.

Christian_Hurta
Explorer

Is there a way to use this with a proxy or does it need to have direct access from the gateway? Talking about R77.30

0 Kudos
PhoneBoy
Admin
Admin

I don't believe his script supports this.

0 Kudos
Ryan_St__Germai
Advisor

Could the Indicators feature within Threat Prevention also solve this for the time being? Create a CSV of the known malicious IP's then import through SmartConsole within the Threat Prevention tab?

0 Kudos
PhoneBoy
Admin
Admin

That's another possibility as well.

0 Kudos
Nir_Naaman
Collaborator

Note that IPs entered via the Indicators feature will only be used by the Anti-Bot blade, which applies only to outbound HTTP connections. Inbound connections from these IPs will not be blocked.

0 Kudos
Richard_Amos
Participant

Is that still true (outbound blocks)?  According to the IOC help page at - SmartConsole R80.10 Help - You can choose to use the AV blade (the default) or AB.

0 Kudos
Thomas_Eichelbu
Advisor
Advisor

Hello!

Thats a cool thing, is it already supported at R80.30?
Iam sorry to say i have not tried it yet ...
If you say it runs at r80.30 , or somebody has tested it successully, i will try it.

best regards

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events