Configure Network Blocking in WatchGuard Cloud

Applies To: Cloud-managed Fireboxes

For cloud-managed Fireboxes, you can enable and configure network blocking with these security services:

  • Botnet Detection
  • Intrusion Prevention Services

For network blocking services, the configured settings apply to all policies that have these services enabled. For more information, see Configure Security Services in a Firewall Policy.

You can also manually block ports and sites. For more information, see Add Blocked Sites and Blocked Ports.

Enable Botnet Detection

A botnet comprises a large number of malware-infected client computers that a remote server controls and uses to perform malicious acts. The Botnet Detection security service adds a list of known botnet site IP addresses to the Blocked Sites List, which enables the Firebox to block these sites at the packet level.

To enable Botnet Detection:

  1. Select Configure > Devices.
  2. Select a cloud-managed Firebox.
    Status and settings for the selected Firebox appear.
  3. Select Device Configuration.
    The Device Configuration page displays the WatchGuard Cloud security services.
  4. Click the Network Blocking tile.
    The Network Blocking page opens.

WatchGuard Cloud screen shot of Network Blocking option

  5. Enable Botnet Detection.
  6. To save configuration changes to the cloud, click Save.

Configure Intrusion Prevention Services

Intrusion Prevention Services (IPS) use signatures to provide real-time protection against network attacks, including spyware, SQL injections, cross-site scripting, and buffer overflows. Configure the action IPS takes when it detects a threat, as well as the type of scan.

IPS automatically uses the latest signatures when you enable it.

To configure Intrusion Prevention Services:

  1. Select Configure > Devices.
  2. Select a cloud-managed Firebox.
    Status and settings for the selected Firebox appear.
  3. Select Device Configuration.
    The Device Configuration page displays the WatchGuard Cloud security services.
  4. Click the Network Blocking tile.
    The Network Blocking page opens.
  5. Enable Intrusion Prevention Services.

WatchGuard Cloud screen shot of Network Blocking IPS options

  6. In the Action column, select the Drop check box for each security threat level (Status) for which you want to drop the connection. There are 5 security threat levels, from highest to lowest:
    • Critical
    • High
    • Medium
    • Low
    • Info
  7. To generate an alarm for a security threat level, select the Alarm check box for that status.
    If you do not want to set an alarm, clear the Alarm check box for that status.
  8. Select the scan mode to use:
    • Full Scan – Scans all packets for policies that have IPS enabled.
      We recommend you use Full Scan mode in most environments.
    • Fast Scan – Scans fewer packets.
      Fast Scan mode inspects a smaller portion of each file, which in most cases is enough to identify all threats, and provides better IPS performance.
  9. To save configuration changes to the cloud, click Save.

See Also

Add a Cloud-Managed Firebox to WatchGuard Cloud

Add Blocked Sites and Blocked Ports

About Botnet Detection

About Intrusion Prevention Service