Hi,

Lee Dress · ‎05-08-2017

I was wondering if anyone knows how to add ip addresses to these lists.

If you have an ip address in a connection event,you can right click it and choose "add to Whitelist" or "Add to Blacklist"

I have an ip address that i know is malicious, but the connection events that it was involved in have already been pruned.

If i go into object management / security intelligence / network lists and feeds, i can see the black and white lists

but i can only delete items from them. I need to be able to add to them.

I also don't want to make a new list, i just want to add to the global ones because they are already defined in my rules

Marvin Rhoads · ‎05-08-2017

You need to create a new object with the addresses or URLs you wish to block.

Then modify your relevant Access Control Policy (under the Secuity Intelligence tab) to include that object among the blacklisted networks or URLs.

Lee Dress · ‎05-09-2017

That's what i was hoping to avoid.

I'll make a group after i create the object, and add the group to my policies so i can add more manual entries later.

Thanks,

Lee

Report Inappropriate Content · ‎05-11-2017

Hi,

or simply add your own network list in a text file - upload to network lists, and add the list to your security intelligence blacklist as mentioned above.

Linda

kevinjohannesson · ‎06-23-2017

Couldn't you just ping the IP you want to black/whitelist so it shows up in the event viewer? Then you can right-click to add to the list.

sturgill · ‎02-08-2018

Geez, thanks, Mr. Obvious. Worked for me!

(Really, thanks!!!)

Firepower 6.1.0.2 Manager Network Blacklist and Whitelist editing