SonicOS 8 Rules and Policies for Classic Mode


Configuring Block Settings for IoC IP Addresses

You can configure how the firewall blocks and logs traffic that matches IoC IP Address Files, as described in Configuring IoC IP Addresses File.

To configure block settings for IoC IP addresses:

  1. Navigate to Policy > Indicator of Compromise > IP Addresses > Settings tab.

  2. Enable Block Connections to/from IoC IP Addresses and select the IoC IP Address Files from the drop-down menu to block connections to or from IP addresses listed in the IoC IP Address Files.

    • Selection and enforcement of IoC IP address files is required. Although multiple IoC IP files can be added on the External Files tab, only the files selected in the drop-down menu are enforced.
    • If the drop-down menu remains disabled, no IoC IP file is selected and no IP addresses are blocked.
    • This option is disabled by default.
  3. When Enable Block Connections to/from IoC IP Addresses is selected, select one of the following options:

    • All Connections to block all inbound and outbound traffic that matches any IoC IP address listed in the IoC IP Address Files.

    • Firewall Rule‑based Connections to block traffic only when the connection matches an access rule that uses IoC IP addresses as the Source or Destination.

  4. Enable Logging to record all blocked IoC IP Address events. The firewall stores these log entries under Monitor > System Logs.

    This option is disabled by default.

  5. Enable Block Page is turned on by default. It displays the block page configured under Policy > Indicator of Compromise > IP Addresses > Web Block Page whenever a connection is blocked due to an IoC IP Address match.

  6. From Exclusion Object, choose the object containing the IP addresses that you want to exclude from IoC blocking.

  7. Click Accept.
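
A pre-check for steps 3 and 6, as an added example that is not SonicWall code: before selecting All Connections, compare the IoC list with addresses your business depends on, so that any overlap can be reviewed and placed in the Exclusion Object. The file format (one IP or CIDR per line, `#` comments), the sample addresses, and all function names are assumptions.

```python
import ipaddress

# Constructed sample data using documentation ranges; not from any real feed.
SAMPLE_IOC_FILE = """\
# constructed sample IoC list
203.0.113.7
198.51.100.0/24
not-an-ip
192.0.2.55
"""
SAMPLE_CRITICAL = {
    "dns-forwarder": "198.51.100.53",
    "mail-relay": "192.0.2.10",
    "partner-vpn": "192.0.2.55",
}


def parse_ioc_lines(text):
    """Return (networks, rejected). Assumed format: one IP or CIDR per line."""
    networks, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not entry:
            continue
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append((lineno, entry))  # malformed entry, review by hand
    return networks, rejected


def exclusion_candidates(ioc_networks, critical_hosts):
    """Map each critical host to the IoC entries that would block it."""
    hits = {}
    for name, addr in critical_hosts.items():
        ip = ipaddress.ip_address(addr)
        matches = [str(n) for n in ioc_networks
                   if n.version == ip.version and ip in n]
        if matches:
            hits[name] = matches
    return hits


if __name__ == "__main__":
    nets, bad = parse_ioc_lines(SAMPLE_IOC_FILE)
    for lineno, entry in bad:
        print(f"line {lineno}: unparseable entry {entry!r}")
    for host, entries in exclusion_candidates(nets, SAMPLE_CRITICAL).items():
        print(f"{host} is covered by {', '.join(entries)}")
```

A host reported here is not automatically a false positive; confirm whether the IoC entry or the dependency is wrong before adding the address to an exclusion object.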