Applies To: ThreatSync+ NDR
The Firebox page in the ThreatSync+ Integrations UI is where you enable or disable IP address remediation for Fireboxes in your account.
This page is only available with a ThreatSync+ NDR license. For more information, go to About ThreatSync+ NDR Licenses.
IP addresses blocked by ThreatSync+ NDR do not appear on the Firebox Blocked Sites list in Fireware or WatchGuard Cloud.
If ThreatSync is enabled on your account, blocked IP addresses show on the Items Blocked by ThreatSync page. For more information, go to Manage Items Blocked by ThreatSync.
When you enable IP address remediation for Fireboxes in your account, you can perform manual and automatic remediation actions.
To enable IP address remediation:
- Select Configure > ThreatSync+ Integrations > Firebox.
The Firebox page opens. - Select the Enable Remediation check box.
After remediation is enabled for your Fireboxes, you can perform manual actions on specific external IP addresses on the All IP Addresses page.
The All IP Addresses page shows a list of IP addresses and whether they are blocked by Fireboxes in the account. For more information, go to All IP Addresses.
To configure a ThreatSync+ NDR policy to automatically block external IP addresses that violate a policy, select the If this policy is violated, automatically block involved external IPs check box in the Remediation section of a ThreatSync+ NDR policy.
For more information, go to Configure ThreatSync+ Policies.
To view IP address remediation history, go to ThreatSync+ Audit Logs.