11-18-2020 01:29 AM
Hello,
I would like to block some public IP addresses in the FMC in a manual way.
When I see it in the events I have the option to select to blacklist it.
When I go to that blacklist I cannot add manually.
Which is the best way to block a public IP?
Regards,
Konstantinos
11-18-2020 01:51 AM
Hi @kostasthedelegate
You could create a manual list, define the IP addresses you wish to block and reference that list in the ACP as a blacklist. You'd need to manually download the list and re-upload to modify.
HTH
11-18-2020 06:12 AM - edited 11-18-2020 06:14 AM
Hello @Rob Ingram
In the access policy you mean the URL tab?
Would it be better to use DNS policy?
What is the order the traffic flows in the FTD in order to cut the desired traffic as soon as possible?
11-18-2020 06:26 AM
No under the SI tab of the ACP, select the list and add to the blacklist. Screenshot below shows which is blocked first.
11-18-2020 06:29 AM
Thank you Rob
I will test it!!
11-19-2020 02:08 AM
Hello
We tested it and we get that 0 IP found
Could you point me to the syntax of the file the list should contain?
11-19-2020 02:19 AM
The list just needs to contain the IP address(es) you wish to block.
11-19-2020 02:48 AM
I tried putting the IP only and it said It found 0 IPs
11-19-2020 03:51 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
Log in to Community
