You are here: Webhelp 5.5R6 > Threat Prevention > Perimeter Traffic Filtering

Perimeter Traffic Filtering

Perimeter Traffic Filtering can filter the perimeter traffic based on known risk IP list, and take logging/block action on the malicious traffic that hits the risk IP list.

The risk IP list includes the following three types:

  • IP Reputation list: Retrieve the risk IP (such as Botnet, Spam, Tor nodes, Compromised, Brute-forcer, and so on.) list from the Perimeter Traffic Filtering signature database.

  • User-defined black/white list : According to the actual needs of users, the specified IP address is added to a user-definedblack/white list.

  • Third-party risk IP list: Make a linkage with trend of TDA, to get riskIP list from the trend TDA devices regularly.

 
  • You need to update the IP reputation database before enabling the IP Reputation function for the first time. By default, system will update the database at the certain time everyday, and you can modify the updating settings according to your own requirements, see Upgrading System.
  • Perimeter Traffic Filtering is controlled by license. To use Threat protection, apply and install the PTF license.

Enabling Perimeter Traffic Filtering

To realize the zone-based Perimeter Traffic Filtering, take the following steps:

  1. Create a zone. For more information , refer to Security Zone;
  2. In the Zone Configuration dialog box, select Threat Protection tab.
  3. Select the Enable check box after the Perimeter Traffic Filtering.
  4. Specifies an action for the malicious traffic that hits the blacklist. Select the User-defined , Pre-defined or IP Reputation check box , and select the action from drop-down list:
    • Log Only: Only generates logs if the malicious traffic hits the blacklist.This is the default option.
    • Drop: Drop packets if the malicious traffic hits the blacklist.
    • Block IP: Block the IP address and specify a block duration if the malicious traffic hits the IP Reputation list.

Configuring User-defined Black/White List

To configure the user-defined black/white list , take the following steps:

  1. Select Object > Perimeter Traffic Filtering.
  2. Click New.
  3. Click OK.

Configuring Third-party Black List

To configure the third-party linkage, take the following steps:

  1. Select System > Third Party Linkage

Searching Black/White List

To search the black/white list, take the following steps:

  1. Select Object > Perimeter Traffic Filtering.
  2. Click Search.
  3. Enter the IP address and click Search. The results will be displayed in this dialog box.