A blocked site is an IP address that cannot make a connection through the XTM device. You tell the XTM device to block specific sites you know, or think, are a security risk. After you find the source of suspicious traffic, you can block all connections from that IP address. You can also configure the XTM device to send a log message each time the source tries to connect to your network. From the log file, you can see the services that the sources use to launch attacks.
The XTM device denies all traffic from a blocked IP address. You can define two different types of blocked IP addresses: permanent and auto-blocked.
Network traffic from permanently blocked sites is always denied. These IP addresses are stored in the Blocked Sites list and must be added manually. For example, you can add an IP address that constantly tries to scan your network to the Blocked Sites list to prevent port scans from that site.
To block a site, see Block a Site Permanently.
Packets from auto-blocked sites are denied for the amount of time you specify. The XTM device uses the packet handling rules specified for each policy to determine whether to block a site. For example, if you create a policy that denies all traffic on port 23 (Telnet), any IP address that tries to send Telnet traffic through that port is automatically blocked for the amount of time you specify.
To automatically block sites that send denied traffic, see Block Sites Temporarily with Policy Settings.
You can also automatically block sites that are the source of packets that do not match any policy rule. For more information, see About Unhandled Packets.
To manually add a temporary blocked site, on the Blocked Sites page. For more information, see Blocked Sites.
If the XTM device blocks traffic from a site you believe to be safe, you can add the site to the Blocked Site Exceptions list, so that traffic from that site is not blocked.
Blocked Site Exceptions bypass all Default Threat Protection checks. Any traffic from an exception site that would normally be blocked by Default Threat Protection will not appear in the traffic logs as an attack.
To add a blocked site exception, see Create Blocked Site Exceptions.
To see a list of all sites currently on the blocked sites list, select System Status > Blocked Sites. From the Blocked Sites page you can see the current blocked sites, and you can add, edit, or remove temporary blocked sites.
For more information, see Blocked Sites.