Malicious IP Feeds

For Distributed Firewall, you can set up Malicious IP Feeds and download a list of known malicious IPs.
The system downloads these IPs from the NTICS cloud service and creates a malicious IP group with them. You can also create custom malicious IP groups to specify IPs and IP-addresses-only groups that should be treated as exceptions and must not be blocked. To block access to malicious IPs, configure firewall rules containing malicious IP groups. You can also monitor the system for any exceptions and, if required, exclude IPs from getting blocked.
Once you activate Malicious IP Feeds, the IPs are updated at a system-defined frequency. Malicious IP Feeds is supported for IPv4 only.
If you are a Greenfield customer, this feature is enabled by default with the appropriate license. If you are a Brownfield customer, you must perform the steps in the procedure to enable this feature.
You can also manually update the IPs by clicking Download Latest Feed on the Settings page. If you later turn off Malicious IP Feeds and you have rules with malicious IP groups, the rules might get enforced with outdated data.
To activate Malicious IP Feeds:
  1. Navigate to Security > Distributed Firewall.
  2. Go to Settings > Malicious IP Feeds.
  3. Set the Auto Update toggle to On. The Last Updated field shows the status of the download. It also shows the date and time of the last download.
The system downloads malicious IPs and creates a malicious IP group with the downloaded IPs.