cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

973
Views
0
Helpful
5
Replies
Lee Dress
Beginner

Firepower 6.1.0.2 Manager Network Blacklist and Whitelist editing

I was wondering if anyone knows how to add ip addresses to these lists.

If you have an ip address in a connection event,you can right click it and choose "add to Whitelist" or "Add to Blacklist"

I have an ip address that i know is malicious, but the connection events that it was involved in have already been pruned.

If i go into object management / security intelligence / network lists and feeds, i can see the black and white lists

but i can only delete items from them.  I need to be able to add to them.

I also don't want to make a new list, i just want to add to the global ones because they are already defined in my rules

5 REPLIES 5
Marvin Rhoads
Hall of Fame Guru

You need to create a new object with the addresses or URLs you wish to block.

Then modify your relevant Access Control Policy (under the Secuity Intelligence tab) to include that object among the blacklisted networks or URLs.

That's what i was hoping to avoid.

I'll make a group after i create the object, and add the group to my policies so i can add more manual entries later.

Thanks,

Lee

Not applicable

Hi,

or simply add your own network list in a text file - upload to network lists, and add the list to your security intelligence blacklist as mentioned above.

Linda

Couldn't you just ping the IP you want to black/whitelist so it shows up in the event viewer? Then you can right-click to add to the list.

Geez, thanks, Mr. Obvious.  Worked for me!

(Really, thanks!!!)

 

Content for Community-Ad