Create Blocked Sites Exceptions
When you add a site to the Blocked Sites Exceptions list, traffic from that site is not blocked, even if it is included in the Blocked Sites list. Traffic from sites on the Blocked Sites Exceptions list is also not automatically blocked by features such as Default Threat Protection and by block actions configured in a proxy policy. If Reputation Enabled Defense is enabled, sites on the Blocked Sites Exceptions list are not blocked based on reputation, and the reputation score is set to -1.
In Fireware v11.12.2 and higher, the Blocked Sites Exceptions list includes default exceptions for servers that WatchGuard products and subscription services must connect to. For more information, see About Blocked Sites.
You can add an exception for an IPv4 or IPv6 host IP address, network IP address or host IP address range, host name (one time DNS lookup), or you can add an exception by FQDN (includes wildcard domains). For more information about how to use FQDN in blocked sites exemptions and policies, see About Policies by Domain Name (FQDN).
To import or export a list of Blocked Sites Exceptions, see Import a List of Blocked Sites or Blocked Sites Exceptions.
If a site you add to the Blocked Sites Exceptions list is on the Auto-Blocked list, the site remains blocked until the Auto-Blocked timeout expires for that site.
For information on how to remove a temporarily blocked site from the Blocked Sites list, see:
- Fireware Web UI — Blocked Sites
- Policy Manager — Manage the Blocked Sites List (Blocked Sites)
To add a Blocked Sites exception from Fireware Web UI:
- Select Firewall > Blocked Sites.
- Select the Blocked Sites Exceptions tab.
- Click Add.
  The Add Sites dialog box appears.
- From the Choose Type drop-down list, select a method to identify the blocked site exception.
  You can add an exception for an IPv4 or IPv6 host IP address, network IP address or host IP address range, host name (one time DNS lookup), or you can add an exception by FQDN.
- In the adjacent text box, type the IP address, network IP address, host range, host name, or FQDN. If the exception is for a host range, type the start and end IP addresses for the range of IP addresses in the exception.
  For FQDN, you can use a specific domain name, such as example.com, or use a wildcard to indicate the domain and all subdomains, such as *.example.com.
- (Optional) In the Description text box, type a description of the blocked site exception.
- Click OK.
- Click Save.
To add a Blocked Sites exception from Policy Manager:
- Select Setup > Default Threat Protection > Blocked Sites.
- Select the Blocked Sites Exceptions tab.
- Click Add.
  The Add Site dialog box appears.
- From the Choose Type drop-down list, select a method to identify the blocked site exception. You can add an exception for an IPv4 or IPv6 host IP address, network IP address or host IP address range, host name (one time DNS lookup), or you can add an exception by FQDN.
- In the Value text box, type the IP address, network IP address, host range, host name, or FQDN. If the exception is for a host range, type the start and end IP addresses for the range of IP addresses in the exception.
  For FQDN, you can use a specific domain name, such as example.com, or use a wildcard to indicate the domain and all subdomains, such as *.example.com.
- Click OK.
You cannot remove an internal IP address or network address from the Blocked Sites Exceptions list if the internal IP address is on the Blocked Sites list. Before you can remove an internal IP address from the Blocked Sites Exceptions list, you must remove the address range that includes the internal IP address from the Blocked Sites list.
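Because excepted sites bypass the Blocked Sites list, Default Threat Protection and reputation checks, it helps to review how much each exception covers before you add it. The following is an added Python example, not WatchGuard code: it models the exception types described above, checks whether an address or name falls under an entry, and flags wildcard FQDNs and large IP spans for review. The (type, value) tuples, the function names and the 256-address threshold are assumptions of this example; host-name entries are left out because they depend on a DNS lookup.

```python
import ipaddress

# Constructed sample entries as (type, value). The type labels are this
# example's own, not WatchGuard's import/export file format.
SAMPLE = [
    ("host", "203.0.113.10"), ("host", "2001:db8::5"),
    ("network", "198.51.100.0/24"), ("network", "10.0.0.0/8"),
    ("range", "192.0.2.10-192.0.2.20"),
    ("fqdn", "updates.example.com"), ("fqdn", "*.example.com"),
]

def bounds(entry):
    """First and last address an IP-based entry exempts."""
    kind, value = entry
    if kind == "network":
        net = ipaddress.ip_network(value)
        return net[0], net[-1]
    lo, _, hi = value.partition("-")          # a host is a range of one
    lo = ipaddress.ip_address(lo.strip())
    return lo, ipaddress.ip_address(hi.strip()) if hi else lo

def covers(entry, target):
    """True if the exception entry matches target (IP string or host name)."""
    kind, value = entry
    if kind == "fqdn":
        name, value = target.lower().rstrip("."), value.lower()
        if value.startswith("*."):
            # Per the page, *.example.com is the domain and all subdomains.
            return name == value[2:] or name.endswith(value[1:])
        return name == value
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        return False                           # host names never match IP entries
    lo, hi = bounds(entry)
    return ip.version == lo.version and lo <= ip <= hi

def audit(entries, max_addresses=256):
    """Entries worth a second look: wildcard FQDNs and large IP spans."""
    flagged = []
    for entry in entries:
        if entry[0] == "fqdn":
            if entry[1].startswith("*."):
                flagged.append(entry)
        else:
            lo, hi = bounds(entry)
            if int(hi) - int(lo) + 1 > max_addresses:
                flagged.append(entry)
    return flagged
```

Run `audit()` over a candidate list before you add or import it, and use `covers()` to confirm that an exception matches only the hosts you intend.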