The IPs Blocked by ThreatSync page shows a list of all IP addresses blocked by ThreatSync actions on eligible Fireboxes.
IP addresses blocked by the Firebox do not appear on the IPs Blocked by ThreatSync page. To check whether an incident was blocked by the Firebox, review the Automatic Response in the Threat Details section of a specific incident. For more information, go to Review Incident Details.
IP addresses blocked by ThreatSync do not appear on the Firebox Blocked Sites list in Fireware or WatchGuard Cloud.
The IPs Blocked by ThreatSync page shows these details:
- Blocked IP Address — The IP address blocked by manual action or by an automation policy.
- Blocked By — The user name or automation policy name that blocked the IP address.
- Time Stamp — The date and time the IP address was blocked.
As you review incident details and monitor threats, you might decide to unblock one or more IP addresses that were blocked by a ThreatSync automation policy, or blocked by manual remediation of an incident.
If ThreatSync blocks critical IP addresses, you can add the IP addresses to the Blocked Sites Exception list on your Firebox. When you add a site to the Blocked Sites Exception list, traffic from that site is not blocked. For more information, go to Create Blocked Sites Exceptions.
To unblock an IP address:
- Log in to your WatchGuard Cloud account.
- For Service Provider accounts, from Account Manager, select My Account.
- Select Configure > ThreatSync > IPs Blocked by ThreatSync.
The IPs Blocked by ThreatSync page opens.
- Select one or more blocked IP addresses.
- Click Unblock.
All eligible Fireboxes no longer block traffic to and from the selected IP addresses.