Add Blocked Sites and Blocked Ports

Applies To: Cloud-managed Fireboxes

To prevent access to a specific site or port, you can manually add blocked sites and ports for cloud-managed Fireboxes.

Add Blocked Sites

A blocked site is an IP address that cannot make a connection through the Firebox. You tell the Firebox to block specific sites you know, or think, are a security risk. To make sure the Firebox always blocks a site, you can permanently add it to the Blocked Sites list.

To add a blocked site, from WatchGuard Cloud:

  1. Select Configure > Devices.
  2. Select a cloud-managed Firebox.
    Status and settings for the selected Firebox appear.
  3. Select Device Configuration.
    The Device Configuration page opens and shows the WatchGuard Cloud Security Services.
  4. Click the Network Blocking tile.
    The Network Blocking page opens.
  5. Enable Blocked Sites.
  6. Click Add Blocked Site.
    The Add Blocked Site dialog box opens.
  7. From the Type menu, select the type of address to block.
  8. Specify the address. The parameters that appear are different for the type you select.
    • Host IPv4 — Host IP address
    • Network IPv4 — Network address
    • Host Range IPv4 — From address and To address
    • Host IPv6 — Host IP address
    • Network IPv6 — Network address
    • Host Range IPv6 — From and To Host IP addresses
    • Fully Qualified Domain Names — FQDN, includes wildcard domains such as *.example.com.
      For more information about how to use FQDN in blocked sites and policies, see About Policies by Domain Name (FQDN).
  9. In the Description text box, type a description of the site you want to block.
  10. Click Add.
    To delete a blocked site, click in the row for the blocked site.
  11. To save configuration changes to the cloud, click Save.

Add a Blocked Port

From the Network Blocking page, you can add a port number to the Blocked Ports list. The Firebox denies all traffic to blocked ports on all external interfaces.

Do not block standard ports such as 53, 80, and 443.

To add a blocked port:

  1. Select Configure > Devices.
  2. Select a cloud-managed Firebox.
    Status and settings for the selected Firebox appear.
  3. Select Device Configuration.
    The Device Configuration page opens and shows the WatchGuard Cloud Security Services.
  4. Click the Network Blocking tile.
    The Network Blocking page opens.
  5. Enable Blocked Ports.
  6. Click Add Blocked Port.
    The Add Blocked Port dialog box opens.
  7. In the Add Port text box, type a port number.
    The number must be between 1 and 65535.
  8. Click Add.
    To delete a blocked port, click in the row for the port.
  9. To save configuration changes to the cloud, click Save.
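
Before you type a list of candidate entries into the Add Blocked Site and Add Blocked Port dialog boxes, you can check them offline. The script below is an added example, not WatchGuard code: it sorts each site entry into one of the Type menu values listed above and checks each port against the 1 to 65535 range and the standard ports this page says not to block. The input notation (CIDR for networks, "from-to" for ranges), the simplified FQDN pattern, and the function names are assumptions of this example.

```python
import ipaddress
import re

# Ports this page says not to block (DNS, HTTP, HTTPS).
STANDARD_PORTS = {53, 80, 443}
# Simplified FQDN pattern (an assumption); allows one leading "*." wildcard label.
FQDN_RE = re.compile(r"^(\*\.)?([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

def classify_site(entry):
    """Return (Type menu value, address fields) for one entry, or raise ValueError."""
    entry = entry.strip()
    if "-" in entry and not FQDN_RE.match(entry):
        # "from-to" range notation is a convention of this example only.
        start, end = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if start.version != end.version or start > end:
            raise ValueError(f"bad range: {entry}")
        return f"Host Range IPv{start.version}", (str(start), str(end))
    if "/" in entry:
        # strict=True rejects a host address written with a prefix length.
        net = ipaddress.ip_network(entry, strict=True)
        return f"Network IPv{net.version}", (str(net),)
    try:
        host = ipaddress.ip_address(entry)
        return f"Host IPv{host.version}", (str(host),)
    except ValueError:
        if FQDN_RE.match(entry):
            return "Fully Qualified Domain Names", (entry.lower(),)
        raise ValueError(f"not an IP address, network, range or FQDN: {entry}")

def check_port(port):
    """Return 'ok', or the reason the port should not be added."""
    if not 1 <= port <= 65535:
        return "out of range"
    if port in STANDARD_PORTS:
        return "standard port"
    return "ok"

if __name__ == "__main__":
    # Constructed sample input (documentation address ranges).
    for e in ["192.0.2.15", "198.51.100.0/24",
              "2001:db8::1-2001:db8::ff", "*.example.com"]:
        print(e, "->", classify_site(e))
    for p in [23, 443, 70000]:
        print(p, "->", check_port(p))
```
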

Related Topics

Add a Cloud-Managed Firebox to WatchGuard Cloud

Add Exceptions in WatchGuard Cloud