topic Re: Block malicious domains at interface level in General Topics

Block malicious domains at interface level

Vijaygvasan — Tue, 07 Sep 2021 12:57:40 GMT

Hi Team,

I have a concern where is there any way to block malicious domain based or malicious ip based traffic ingress through the firewall to trust zone or dmz zone from untrust zone to be blocked at interface level even before it reaches to pbf or policy or processing over firewall.

Is there any way to block malicious domain before it is being processed. Let me know the possibilities.

Re: Block malicious domains at interface level

BPry — Tue, 07 Sep 2021 17:35:06 GMT

@Vijaygvasan,

If you don't want this traffic to be processed by the firewall, you would need to drop it before it reaches your firewall. If you have that requirement then that traffic should be dropped immediately by your first controlled network resource, so in most cases a router.

Re: Block malicious domains at interface level

Vijaygvasan — Wed, 08 Sep 2021 03:35:46 GMT

So firewall cannot drop a packet at isp interface level am i right?