Applies To: Cloud-managed Fireboxes
This document applies to Fireboxes you manage in WatchGuard Cloud. For information that applies to Fireboxes managed in Fireware Web UI or WatchGuard System Manager, go to: About Blocked Sites.
Some of the features described in this topic are only available to participants in the WatchGuard Cloud Beta program. If a feature described in this topic is not available in your version of WatchGuard Cloud, it is a beta-only feature.
Overview
A blocked site is an IP address that cannot make a connection through the Firebox. You tell the Firebox to block specific sites you know, or think, are a security risk. After you find the source of suspicious traffic, you can block all connections from that IP address.
The Firebox handles two different types of blocked IP addresses: permanent and temporary.
Permanent Blocked Sites
The Firebox denies connection to or from sites that are permanently blocked. These are site addresses that you determined are a security risk and manually added to the Blocked Sites list on the Network Blocking page. For example, you can add an IP address that constantly tries to scan your network to the Blocked Sites list to prevent port scans from that site.
The limit for permanent blocked sites on the Firebox is 250,000 IP addresses.
For more information about how to permanently block a site on a cloud-managed Firebox, go to Add Blocked Sites and Blocked Ports on a Cloud-Managed Firebox.
You can also see a combined list of permanent and temporary blocked sites on the Monitor > Live Status > Blocked Sites page. For more information, go to Monitor and Manage Blocked Sites on Fireboxes in WatchGuard Cloud.
Temporary Blocked Sites
Security services and default packet handling rules on the Firebox automatically drop or block traffic that matches the pattern of well-known network attacks. The source of that traffic is temporarily added to the Blocked Sites list on the Monitor > Live Status > Blocked Sites page. Many events can cause the Firebox to add a site to the list, including port space probes, spoofing attacks, and address space probes.
T Series models can include a maximum of 1,000 temporary blocked sites and M Series models can include a maximum of 8,000 temporary blocked sites.
Sites that the Firebox automatically blocks stay on the Blocked Sites list for a default of 20 minutes, but you can adjust the expiration time for individual sites on the list. If a blocked site sends any additional traffic in that time period, the timer for the site resets.
You can also manually add and remove temporary blocked sites from the Blocked Sites list. For more information about how to add and manage temporary blocked sites on a cloud-managed Firebox, go to Monitor and Manage Blocked Sites on Fireboxes in WatchGuard Cloud.
Blocked Site Exceptions
If the Firebox blocks connections to a site you believe to be safe, you can add the site to the Exceptions list, so that traffic from that site is not blocked.
For information about how to add a blocked site exception on a cloud-managed Firebox, go to Add Exceptions in WatchGuard Cloud.
The Exceptions list includes default exceptions for servers that WatchGuard products and subscription services must connect to. These exceptions allow connections through the Firebox to these sites, regardless of whether other configuration settings (for example, Geolocation) block connections to these sites. The default blocked site exceptions include:
| Products and Services | Blocked Sites Exceptions |
|---|---|
| All services hosted by WatchGuard | *.watchguard.com |
| WatchGuard Wi-Fi Cloud |
*.cloudwifi.com *.mojonetworks.com *.airtightnetworks.com redirector.online.spectraguard.net |
| spamBlocker |
*.ctmail.com (for Fireware v12.1.3 and lower, Fireware v12.2.x to Fireware v12.5.3 and Panda URL filtering and anti-spam protection) *.cloudfilter.net (for Fireware v12.5.4 and higher, or Fireware v12.1.4 to Fireware v12.1.x) |
| WebBlocker |
rp.cloud.threatseeker.com wg.cloud.threatseeker.com download.websense.com |
| APT Blocker |
analysis.nl.emea.lastline.com analysis.lastline.com |
| All services hosted by Panda Security | *.pandasecurity.com |
| Panda Aether Comms |
*.pandasecurity.com aether100proservicebus.servicebus.windows.net aether100pronotification.table.core.windows.net |
| Panda Patch Management | content.ivanti.com |
| Panda root certificates |
*.globalsign.net *.globalsign.com *.digicert.com |
Live Status Reporting for Fireboxes in WatchGuard Cloud
Add Blocked Sites and Blocked Ports on a Cloud-Managed Firebox