Blocked Sites and Traffic Monitor

When an IP address is on the Blocked Sites list, a traffic log message that involves this address shows the destination interface as unknown. From Firebox System Manager (FSM), you can see the destination interface and add the IP address to the temporarily blocked sites list.

To see the destination interface:

  1. Select the Traffic Monitor tab.
  2. Select a traffic log message.
  3. Right-click the message and select Destination IP Address.
    The Destination IP address and a menu of options appear.

Screenshot of aTraffic Monitor context menu, with the Destination Interface sub-menu

To save computation cycles, Fireware XTM does not identify the destination interface of a packet if the source or destination IP address is blocked.

To block the destination interface IP address:

  1. Select the Traffic Monitor tab.
  2. Select a message.
  3. Right-click the message and select Destination IP Address.
    The Destination IP address and a menu of options appear.
  4. Select Block Site.
    The Choose Expiration dialog box appears.

Screen shot of the Choose Expiration dialog box

  1. To change the amount of time the IP address is blocked, in the Expire After text box, type a value. From the drop-down list, select Hours, Minutes, or Seconds.
  2. Click OK.
    The Update signature dialog box appears.
  3. Type your Device Administrator passphrase and click OK.
    The IP address is temporarily added to the Blocked Sites list for the specified amount of time.

Related Topics

About Blocked Sites

Manage the Blocked Sites List (Blocked Sites)