04-21-2010 08:58 AM - edited 03-10-2019 04:58 AM
I just want to verify if the following is working properly:
- Under Configuration > IPS > Sensor Monitoring > Time-Based Actions > Host Blocks is configured properly
I have entered in a few hosts to be blocked and I notice the following:
- Under Connection Block Enabled tab it shows "false" for any host that I enter in. ??????
Thank you in advance for your assistance.
04-21-2010 10:08 PM
The blocking feature on IPS relies on other network devices. IPS itself will not be blocking the hosts.
You would need to configure which network device will be blocking the host via:
Configuration --> Sensor Management --> Blocking --> Blocking Properties, Blocking Devices, and which interface of the network device will be performing the blocking.
Once the above has been configured, and through Monitoring --> Time Based Actions --> Host Blocks, IPS will send this request off to the network device configured above to be blocked.
Hope that helps.
04-22-2010 07:37 AM
Thanks for your response.
All that you have mentioned in regard to setting up blocking has been done and is working fine. My question is about the wording that I am seeing: if you go to Configuration > IPS > Sensor Monitoring > Time-Based Actions > Host Blocks, under the Connection Block Enabled tab it shows "false". Is this what I should be seeing, as opposed to something else?
04-23-2010 04:23 AM
False means that the blocking rule was not turned on (not enabled)
It means that someone might have configured the rule before, however, did not enable it.
If you click on the "Add" button, you would be able to see what I mean (the "Enable connection blocking" needs to be ticked to block the host configured), and it will show as "True" once you enable it.
Hope that answers your question.
12-15-2011 04:44 AM
Hi,
Additional question:
how do I configure it from the CLI? I couldn't find any command, and when I set it from IDM or Express (whether with this option enabled or disabled) it is not shown in the CLI.
Output from show statistics network-access:

    Current Configuration
       LogAllBlockEventsAndSensors = true
       EnableNvramWrite = false
       EnableAclLogging = false
       AllowSensorBlock = false
       BlockMaxEntries = 250
       MaxDeviceInterfaces = 250
    State
       BlockEnable = true
       BlockedAddr
          Host
             IP = 7.7.7.7
             Vlan =
             ActualIp =
             BlockMinutes = 60
             MinutesRemaining = 56
          Host
             IP = 9.9.9.9
             Vlan =
             ActualIp =
             BlockMinutes = 60
             MinutesRemaining = 57
What is more, when configuring the 7.7.7.7 rule I added a destination of 8.8.8.8. Where is it stored?
Regards
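For auditing active host blocks from the CLI side, the `show statistics network-access` output posted above can be parsed into a list of blocked hosts with their remaining time. This is an added example, not code from the thread or from Cisco; the function names, the `expiring_within` threshold and the reading of `BlockMaxEntries` as the entry limit are assumptions, and the sample text is constructed from the posted output.

```python
import re

# Constructed sample, abridged from the output posted in the thread.
SAMPLE = """\
Current Configuration
BlockMaxEntries = 250
State
BlockEnable = true
BlockedAddr
Host
IP = 7.7.7.7
Vlan =
BlockMinutes = 60
MinutesRemaining = 56
Host
IP = 9.9.9.9
Vlan =
BlockMinutes = 60
MinutesRemaining = 57
"""

def parse_network_access(text):
    """Split the output into global settings and one dict per 'Host' entry."""
    settings, hosts, current = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line == "Host":              # start of a new blocked-host entry
            current = {}
            hosts.append(current)
            continue
        m = re.match(r"(\w+)\s*=\s*(.*)$", line)
        if not m:                       # any other section header ends the entry
            current = None
            continue
        target = settings if current is None else current
        target[m.group(1)] = m.group(2).strip()   # empty values (e.g. Vlan) kept as ""
    return settings, hosts

def summarize(text, expiring_within=5):
    """Report block state, entry count against the limit, and blocks about to expire."""
    settings, hosts = parse_network_access(text)
    limit = int(settings.get("BlockMaxEntries") or 0)
    return {
        "block_enabled": settings.get("BlockEnable") == "true",
        "entries": len(hosts),
        "capacity_left": limit - len(hosts),
        "expiring": [h["IP"] for h in hosts
                     if int(h.get("MinutesRemaining") or 0) <= expiring_within],
    }
```
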