How to show blocked IPs and how to remove a blocked IP

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

How to show blocked IPs and how to remove a blocked IP

L2 Linker

Hello,

is it possible to show a list of automatically blocked IP addresses (example: Threat prevention for Brute-Force Attacks).
And is it possible to remove an IP from that list?

Thanks
Jörg

1 accepted solution

Accepted Solutions

Hello,

Currently there is no way to view/add/remove from the list of IPs that are blocked via vulnerability profile 'block-ip' option. There is a feature request open and I would recommend reaching out to your sales team so we can work to add this feature in a future release.

*EDIT* -- there is option to show/reset the block-table

> debug dataplane show dos block-table

> debug dataplane reset dos block-table

Cheers,

Stefan

View solution in original post

5 REPLIES 5

L4 Transporter

Hi Jorg,

As far as I can recall, there is a work around to get the list of ip-addresses that the firewall block by threat.

You can create a custom  report for the threat log to query action==deny. Or you can filter the threat logs with action eq deny as follows and export to csv.

deny.PNG

In order to allow that threat or in case of False positive you can add an exception to threat in the security profile that is configured under Objects > Security Profiles >Antivirus > select the profile > Virus Exception

You cannot create an exception to an ip-address in the security profiles.

Let me know if that helps.

Regards,

Parth

OK, thanks!
Actually I don't want an exception. I just want to remove an IP, if it is blocked after testing.
It's OK for me. The time I set for blocking is expired Smiley Happy
In future I'll test with a short time and if it works, I'll increase the time Smiley Wink

Regards

Jörg

Hello,

Currently there is no way to view/add/remove from the list of IPs that are blocked via vulnerability profile 'block-ip' option. There is a feature request open and I would recommend reaching out to your sales team so we can work to add this feature in a future release.

*EDIT* -- there is option to show/reset the block-table

> debug dataplane show dos block-table

> debug dataplane reset dos block-table

Cheers,

Stefan

OK, thanks!

Did that feature request ever get implemented?  

  • 1 accepted solution
  • 8235 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!