Block Sites Temporarily with Policy Settings

You can temporarily block sites that try to use a denied service. IP addresses from the denied packets are added to the Temporary Blocked Sites list for 20 minutes (by default). Each time the Firebox receives traffic of any kind from a site on the Temporary Blocked Sites list, the timer for that site is reset. The IP address is removed from the Temporary Blocked Sites list only after no traffic is received from the site for the time period specified in the Duration for Auto-Blocked Sites setting in the Blocked Sites configuration.

You cannot add local loopback addresses such as 127.0.0.1 to the Temporary Blocked Sites list because doing so can block internal Firebox functions.

To temporarily block sites, from Fireware Web UI:

  1. Select Firewall > Firewall Policies. Click on a policy to edit it.
    The Firewall Policies/Edit page appears.
  2. On the Settings tab, make sure you set the Connections are drop-down list to Denied or Denied (send reset).
  3. On the Settings tab, select the Auto-block sites that attempt to connect check box. By default, IP addresses from the denied packets are added to the Temporary Blocked Sites list for 20 minutes.

To temporarily block sites, from Policy Manager:

  1. Double-click the policy for the denied service.
    The Edit Policy Properties dialog box appears.
  2. On the Policy tab, make sure you set the Connections Are drop-down list to Denied or Denied (send reset).
  3. On the Properties tab, select the Auto-block sites that attempt to connect check box. By default, IP addresses from the denied packets are added to the Temporary Blocked Sites list for 20 minutes.

If you enable logging of temporary blocked sites, the log messages can help you make decisions about which IP addresses to block permanently.

To enable logging for denied packets, from Fireware Web UI:

  1. In the policy definition, select the Settings tab.
  2. In the Logging settings, select the Send a log message check box.

To enable logging for denied packets, from Policy Manager:

  1. In the policy definition, select the Properties tab.
  2. Click Logging.
  3. Select the Send log message check box.

For more information about logging, go to Set Logging and Notification Preferences.
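
The following Python sketch is an added example, not WatchGuard code. It models the reset-on-traffic timer described above to show how long a source stays on the Temporary Blocked Sites list, and flags sources that stay blocked long enough to review for a permanent block. The event tuples are constructed sample data (not the Firebox log format), every event is assumed to be a denied packet from an auto-block policy, and the one-hour review threshold is a hypothetical value.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address

BLOCK_DURATION = timedelta(minutes=20)  # default auto-block duration from the page

def at(hhmm):
    """Helper for the constructed sample: time of day on an arbitrary date."""
    return datetime.strptime("2024-01-01 " + hhmm, "%Y-%m-%d %H:%M")

# Constructed sample events: (time seen, source IP). Not real Firebox log lines.
EVENTS = (
    [(at(t), "203.0.113.7") for t in
     ("10:00", "10:15", "10:30", "10:45", "11:00", "11:15")]
    + [(at("10:00"), "198.51.100.23"), (at("10:50"), "198.51.100.23")]
    + [(at("10:05"), "127.0.0.1")]
)

def block_intervals(events, duration=BLOCK_DURATION):
    """Return {ip: [(start, end), ...]}, the continuous periods each source
    spends on the temporary list when any traffic resets its timer."""
    intervals = {}
    for ts, src in sorted(events):
        if ip_address(src).is_loopback:
            continue  # loopback addresses cannot be added to the list
        spans = intervals.setdefault(src, [])
        if spans and ts < spans[-1][1]:
            # Traffic arrived while still blocked: restart the timer.
            spans[-1] = (spans[-1][0], ts + duration)
        else:
            # Not on the list (first sighting or timer expired): new entry.
            spans.append((ts, ts + duration))
    return intervals

def permanent_candidates(events, min_blocked=timedelta(hours=1),
                         duration=BLOCK_DURATION):
    """Sources whose longest continuous block reaches min_blocked
    (hypothetical review threshold, not a Firebox setting)."""
    result = []
    for ip, spans in block_intervals(events, duration).items():
        if max(end - start for start, end in spans) >= min_blocked:
            result.append(ip)
    return sorted(result)

if __name__ == "__main__":
    for ip, spans in block_intervals(EVENTS).items():
        for start, end in spans:
            print(ip, start.time(), "->", end.time(), end - start)
    print("Review for permanent block:", permanent_candidates(EVENTS))
```

A source that retries every 15 minutes never comes off the list, while one that retries after 50 minutes is blocked twice for 20 minutes each.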

Related Topics

About Blocked Sites

Change the Duration that Sites are Auto-Blocked