Block malicious domains at interface level

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Block malicious domains at interface level

L3 Networker

Hi Team,


I have a concern where is there any way to block malicious domain based or malicious ip based traffic ingress through the firewall to trust zone or dmz zone from untrust zone to be blocked at interface level even before it reaches to pbf or policy or processing over firewall.

Is there any way to block malicious domain before it is being processed. Let me know the possibilities.


Cyber Elite
Cyber Elite


If you don't want this traffic to be processed by the firewall, you would need to drop it before it reaches your firewall. If you have that requirement then that traffic should be dropped immediately by your first controlled network resource, so in most cases a router. 

So firewall cannot drop a packet at isp interface level am i right?


  • 2 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!