Perimeter Traffic Filtering
Perimeter Traffic Filtering filters perimeter traffic against lists of known risk IP addresses, and logs or blocks malicious traffic that hits a risk IP list.
The risk IP list includes the following three types:
- IP Reputation list: Retrieves the list of risk IPs (such as Botnet, Spam, Tor nodes, Compromised, Brute-forcer, and so on) from the Perimeter Traffic Filtering signature database.
- User-defined black/white list: The specified IP addresses are added to a user-defined black/white list according to the user's actual needs.
- Third-party risk IP list: Links with Trend TDA devices to retrieve the risk IP list from them regularly.
- You need to update the IP reputation database before enabling the IP Reputation function for the first time. By default, the system updates the database at a set time every day. You can modify the update settings according to your own requirements; see Upgrading System.
- Perimeter Traffic Filtering is controlled by license. To use Threat Protection, apply for and install the PTF license.
Enabling Perimeter Traffic Filtering
To enable zone-based Perimeter Traffic Filtering, take the following steps:
- Create a zone. For more information, refer to Security Zone.
- In the Zone Configuration page, expand Threat Protection.
- Click the Enable button after Perimeter Traffic Filtering.
- Specify an action for the malicious traffic that hits the blacklist. Click the User-defined or IP Reputation button, and select the action from the drop-down list:
  - Log Only: Only generates logs if the malicious traffic hits the blacklist. This is the default option.
  - Drop: Drops packets if the malicious traffic hits the blacklist.
  - Block IP: Blocks the IP address for a specified block duration if the malicious traffic hits the IP Reputation list.
Configuring User-defined Black/White List
To configure the user-defined black/white list, take the following steps:
- Select Object > Perimeter Traffic Filtering.
- Click New.
- Click OK.
|IP|Specify the IP address for the user-defined black/white list.|
|mask|Specify the netmask of the IP address.|
|Black/White List|Select the radio button to add the IP address to the blacklist or whitelist.|
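
A pre-check for a planned user-defined black/white list, added here as an example and not taken from the product: it validates each IP/mask pair as it would be typed into the fields above and flags ranges that appear on both lists. The sample entries and function names are assumptions, and overlaps are reported as findings because this page does not state which list takes precedence.

```python
import ipaddress

# Constructed sample entries: (IP, mask, list), mirroring the three dialog fields.
SAMPLE_ENTRIES = [
    ("203.0.113.0", "255.255.255.0", "black"),
    ("203.0.113.25", "255.255.255.255", "white"),
    ("198.51.100.77", "255.255.255.0", "black"),  # host bits set under a /24 mask
    ("192.0.2.10", "255.0.255.0", "black"),       # non-contiguous netmask
    ("192.0.2.200", "255.255.255.255", "white"),
]

def parse_entry(ip, mask):
    """Return (network, warning); network is None when the pair is invalid."""
    try:
        return ipaddress.ip_network(f"{ip}/{mask}", strict=True), None
    except ValueError:
        pass  # either host bits are set or the pair is malformed; find out which
    try:
        net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    except ValueError as exc:
        return None, f"invalid entry {ip}/{mask}: {exc}"
    return net, f"{ip}/{mask} has host bits set; it covers all of {net}"

def lint(entries):
    """Return (networks, findings) for a planned user-defined list."""
    nets, findings = [], []
    for ip, mask, kind in entries:
        net, warning = parse_entry(ip, mask)
        if warning:
            findings.append(warning)
        if net is not None:
            nets.append((net, kind))
    # A range on both lists is ambiguous: review it before entering it.
    for i, (a, kind_a) in enumerate(nets):
        for b, kind_b in nets[i + 1:]:
            if kind_a != kind_b and a.overlaps(b):
                findings.append(f"{kind_a}list {a} overlaps {kind_b}list {b}")
    return nets, findings

if __name__ == "__main__":
    for finding in lint(SAMPLE_ENTRIES)[1]:
        print(finding)
```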
Configuring Third-party Black List
To configure the third-party linkage, take the following steps:
- Select System > Third Party Linkage.
|Enable linkage with trend of TDA|Select the check box to enable linkage with the Trend TDA device.|
|The TDA device address|Specify the address for the TDA device.|
|The TDA device port|Specify the port number for the TDA device. The value range is 1 to 65535.|
|Linkage request cycle|Specify the linkage request period for getting the blacklist from the TDA devices.|
|Enable Linkage with sandbox|Select the check box to get the blacklist of the TDA device sandbox.|
Searching Black/White List
To search the black/white list, take the following steps: