Malicious IP Feeds
For Distributed Firewall, you can set up Malicious IP Feeds and download a list of known malicious IPs. The system downloads these IPs from the NTICS cloud service and creates a malicious IP group with them. You can also create custom malicious IP groups to specify IPs and IP addresses only groups that should be treated as exceptions and must not be blocked. To block access to malicious IPs, configure firewall rules containing malicious IP groups. You can also monitor the system for any exceptions and, if required, exclude IPs from getting blocked.
Once you activate Malicious IP Feeds, the IPs are updated at a system-defined frequency. Malicious IP Feeds is supported for IPv4 only. If you are a greenfield customer, this feature is enabled by default for you with the appropriate license. If you are a brownfield customer, you must perform the steps in the procedure to enable this feature.
You can also manually update the IPs by clicking Download Latest Feed on the Settings page. If you later turn off Malicious IP Feeds and you have rules with malicious IP groups, the rules might get enforced with outdated data.
To activate Malicious IP Feeds:
- Navigate to .
- Go to .
- Set the Auto Update toggle to On. The Last Updated field shows the status of the download. It also shows the date and time of the last download.
The system downloads malicious IPs and creates a malicious IP group with the downloaded IPs.