Overview
In some scenarios where threat protection is used as a defense against brute-force attacks involving FTP or SSH, an unwanted IP address can be blocked and need to be unblocked immediately.
Details
To unblock an IP address, run the following CLI commands:
- Verify blocked addresses:
> debug dataplane show dos block-table
entp:0x80000000efc69c10, bucket:183, entry:0
Key:
vsys_id:1, src_zone:3
ip:x.x.x.x, dst_ip:10.0.0.5
is_ipv6:0, is_src_dst_both:1
Value:
block_until:1989416 (Unblock after:16 sec)
-------------------------------------------------------------------------------
- Remove Specific Address in Block-Table & Leave Other Addresses Blocked
> debug dataplane reset dos zone L3_Untrust block-table source x.x.x.x
- Remove All Addresses in Block-Table:
> debug dataplane reset dos block-table
Note: The discarded sessions may need to be cleared. Run the following commands to view and clear discarded sessions.
> show session all filter source x.x.x.x
--------------------------------------------------------------------------------
ID Application State Type Flag Src[Sport]/Zone/Proto (translated IP[Port])
Vsys Dst[Dport]/Zone (translated IP[Port])
--------------------------------------------------------------------------------
45629 ssh DISCARD FLOW x.x.x.x[36437]/L3_Untrust/6 (x.x.x.x[36437])
vsys1 10.0.0.5[22]/L3_Untrust (10.0.0.5[22])
> clear session id 45629
session 45629 cleared
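As an added example (not part of the original article and not vendor tooling), the Python below parses output in the two layouts shown above and builds the article's reset and clear commands for a single source, so other blocked addresses stay blocked. The sample output, the documentation addresses standing in for x.x.x.x, the second session and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample output in the layouts shown above; 203.0.113.7 and
# 198.51.100.9 are documentation addresses standing in for x.x.x.x.
BLOCK_TABLE = """\
entp:0x80000000efc69c10, bucket:183, entry:0
Key:
vsys_id:1, src_zone:3
ip:203.0.113.7, dst_ip:10.0.0.5
is_ipv6:0, is_src_dst_both:1
Value:
block_until:1989416 (Unblock after:16 sec)
"""
SESSIONS = """\
45629 ssh DISCARD FLOW 203.0.113.7[36437]/L3_Untrust/6 (203.0.113.7[36437])
vsys1 10.0.0.5[22]/L3_Untrust (10.0.0.5[22])
45630 ssh ACTIVE FLOW NS 198.51.100.9[40112]/L3_Untrust/6 (198.51.100.9[40112])
vsys1 10.0.0.5[22]/L3_Untrust (10.0.0.5[22])
"""

BLOCK_RE = re.compile(
    r"^\s*ip:(\S+), dst_ip:(\S+)[\s\S]*?Unblock after:(\d+) sec", re.MULTILINE)
# Groups: id, application, state, type, source IP, source zone (Flag is optional).
SESSION_RE = re.compile(
    r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(?:\S+\s+)?([^\s\[]+)\[\d+\]/(\S+)/\d+",
    re.MULTILINE)

def blocked_entries(block_table):
    """Return (source IP, destination IP, seconds until unblock) per entry."""
    return [(m[1], m[2], int(m[3])) for m in BLOCK_RE.finditer(block_table)]

def discarded_sessions(sessions, source):
    """Return (session id, source zone) for DISCARD sessions from source."""
    return [(int(m[1]), m[6]) for m in SESSION_RE.finditer(sessions)
            if m[3] == "DISCARD" and m[5] == source]

def unblock_commands(block_table, sessions, source, zone):
    """Build the article's commands for one source; zone is operator-supplied."""
    ipaddress.ip_address(source)  # raises ValueError on anything but an IP
    cmds = []
    if any(ip == source for ip, _, _ in blocked_entries(block_table)):
        cmds.append(f"debug dataplane reset dos zone {zone} block-table source {source}")
    cmds += [f"clear session id {sid}" for sid, _ in discarded_sessions(sessions, source)]
    return cmds

if __name__ == "__main__":
    print("\n".join(unblock_commands(BLOCK_TABLE, SESSIONS, "203.0.113.7", "L3_Untrust")))
```

An empty result means the source is neither in the block-table nor holding discarded sessions, so there is nothing to reset or clear for it.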
owner: jperry