is it possible to show a list of automatically blocked IP addresses (example: Threat prevention for Brute-Force Attacks).
And is it possible to remove an IP from that list?
Solved! Go to Solution.
As far as I can recall, there is a work around to get the list of ip-addresses that the firewall block by threat.
You can create a custom report for the threat log to query action==deny. Or you can filter the threat logs with action eq deny as follows and export to csv.
In order to allow that threat or in case of False positive you can add an exception to threat in the security profile that is configured under Objects > Security Profiles >Antivirus > select the profile > Virus Exception
You cannot create an exception to an ip-address in the security profiles.
Let me know if that helps.
Actually I don't want an exception. I just want to remove an IP, if it is blocked after testing.
It's OK for me. The time I set for blocking is expired :smileyhappy:
In future I'll test with a short time and if it works, I'll increase the time :smileywink:
Currently there is no way to view/add/remove from the list of IPs that are blocked via vulnerability profile 'block-ip' option. There is a feature request open and I would recommend reaching out to your sales team so we can work to add this feature in a future release.
*EDIT* -- there is option to show/reset the block-table
> debug dataplane show dos block-table
> debug dataplane reset dos block-table
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!