R3166-R3206-HP High-End Firewalls Attack Protection Configuration Guide-6PW101

Blacklist configuration
NOTE:
The firewall supports configuring the blacklist feature only in the web interface.
Blacklist overview
Blacklist is an attack prevention mechanism that filters packets based on source IP address. Compared
with ACL-based packet filtering, the blacklist feature is easier to configure and faster at filtering packets
sourced from particular IP addresses.
The firewall can cooperate with the scanning detection feature to dynamically add and remove blacklist
entries. When the firewall detects that packets sourced from an IP address have a behavior pattern that
implies a potential scanning attack, it automatically blacklists the IP address to filter subsequent packets
sourced from that IP address. Blacklist entries added in this way will age out after a period of time.
NOTE:
For more information about scanning detection configuration, see the chapter “Traffic abnormality
detection configuration.”
The firewall also supports adding and removing blacklist entries manually. Manually configured blacklist
entries fall into two categories: permanent and non-permanent. A permanent blacklist entry stays in
place until it is removed manually, whereas a non-permanent blacklist entry has a limited lifetime
depending on your configuration. When the lifetime of a non-permanent entry expires, the firewall
removes the entry from the blacklist, allowing packets from the IP address defined by the entry to pass
through again.
Configuring the blacklist feature
Table 1 Blacklist configuration task list

Task: Enabling the blacklist feature
Remarks: Required. By default, the blacklist feature is disabled.

Task: Configuring the scanning detection feature to add blacklist entries automatically
Task: Adding a blacklist entry manually
Remarks: Required. Complete either of the two tasks. By default, no blacklist entries exist.
For more information about scanning detection configuration, see the chapter “Traffic abnormality
detection configuration.”
IMPORTANT: If you modify a dynamic blacklist entry, the entry will turn into a manual one.

Task: Viewing the blacklist
Remarks: Optional.
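To make the lifetime rules concrete, the following is an added Python model of the blacklist semantics described in the overview and in the IMPORTANT note of the task list; it is not the firewall's own code. It covers entries keyed by source IP, permanent and non-permanent manual entries, dynamic entries from scanning detection that age out, the feature being disabled by default, and the rule that modifying a dynamic entry turns it into a manual one. The class and method names, and the timestamps used, are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional

DYNAMIC = "dynamic"  # added by scanning detection; always ages out
MANUAL = "manual"    # configured by an administrator; permanent or with a lifetime

@dataclass
class Entry:
    origin: str                  # DYNAMIC or MANUAL
    expires_at: Optional[float]  # None means permanent (manual entries only)

class Blacklist:
    """Source-IP blacklist with the lifetime rules the guide describes (model, not device code)."""

    def __init__(self, enabled: bool = False):
        self.enabled = enabled  # the feature is disabled by default
        self.entries: Dict[str, Entry] = {}

    @staticmethod
    def _key(ip: str) -> str:
        return str(ipaddress.ip_address(ip))  # normalise and reject malformed input

    def add_manual(self, ip: str, now: float, lifetime: Optional[float] = None) -> None:
        # lifetime None -> permanent entry; otherwise removed after `lifetime` seconds
        expires = None if lifetime is None else now + lifetime
        self.entries[self._key(ip)] = Entry(MANUAL, expires)

    def add_dynamic(self, ip: str, now: float, aging: float) -> None:
        # entries added by scanning detection age out after `aging` seconds
        self.entries[self._key(ip)] = Entry(DYNAMIC, now + aging)

    def modify(self, ip: str, now: float, lifetime: Optional[float] = None) -> None:
        # editing any entry (a dynamic one included) leaves a manual entry behind
        if self._key(ip) not in self.entries:
            raise KeyError(ip)
        self.add_manual(ip, now, lifetime)

    def purge_expired(self, now: float) -> None:
        for ip, e in list(self.entries.items()):
            if e.expires_at is not None and e.expires_at <= now:
                del self.entries[ip]

    def permits(self, src_ip: str, now: float) -> bool:
        """True if a packet from src_ip passes, False if the blacklist drops it."""
        if not self.enabled:
            return True
        self.purge_expired(now)
        return self._key(src_ip) not in self.entries
```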