Related Topics
Block a Site Permanently
To make sure a site is always blocked, you can permanently add sites to the Blocked Sites list. You can block an IPv4 or IPv6 host IP address, network IP address or host IP address range, host name (one-time DNS lookup), or you can block a site by FQDN (includes wildcard domains). For more information about how to use FQDN in blocked sites and policies, see About Policies by Domain Name (FQDN).
To import or export a list of Blocked Sites, see Import a List of Blocked Sites or Blocked Sites Exceptions.
If you must block a network address or address range that includes one or more IP addresses assigned to the Firebox, you must first add the Firebox IP addresses to the Blocked Sites Exceptions list. For instructions about how to add exceptions, see Create Blocked Sites Exceptions.
You cannot add local loopback addresses (for example, 127.0.0.1) to the Blocked Sites List because it can block internal Firebox functions.
- Select Firewall > Blocked Sites.
- Click Add.
The Add Sites dialog box appears. - From the Choose Type drop-down list, select a method to identify the blocked site. You can block an IPv4 or IPv6 host IP address, network IP address or host IP address range, host name (one time DNS lookup), or you can block a site by FQDN.
- In the adjacent text box, type the IP address, network IP address, host range, host name, or FQDN. If the exception is for a host range, type the start and end IP addresses for the range of IP addresses in the exception. For FQDN, you can use a specific domain name, such as example.com, or use a wildcard to indicate the domain and all subdomains, such as *.example.com.
- (Optional) In the Description text box, type a description of the blocked site.
- Click OK.
- Click Save.
- Click
.
Or, select Setup > Default Threat Protection > Blocked Sites.
The Blocked Sites Configuration dialog box appears.
- Click Add.
The Add Site dialog box appears.
- From the Choose Type drop-down list, select a method to identify the blocked site. You can block an IPv4 or IPv6 host IP address, network IP address or host IP address range, host name (one time DNS lookup), or you can block a site by FQDN.
- In the Value text box, type the IP address, network IP address, host range, host name, or FQDN. If the exception is for a host range, type the start and end IP addresses for the range of IP addresses in the exception. For FQDN, you can use a specific domain name, such as example.com, or use a wildcard to indicate the domain and all subdomains, such as *.example.com.
- (Optional) In the Comment text box, type a description of the blocked site.
- Select OK.
The new site appears in the Blocked Sites list.
Configure Logging for Blocked Sites
You can configure the Firebox send a log message or send a notification if a computer tries to connect to a blocked site. Tip!You can configure logging settings for blocked sites from Fireware Web UI if your Firebox runs Fireware v11.12.1 or higher.
- Select Firewall > Blocked Sites.
The Blocked Sites page appears. - Select the Settings tab.
- Configure the logging and notification settings as described in Set Logging and Notification Preferences.
- Click .
Or, select Setup > Default Threat Protection > Blocked Sites.
The Blocked Sites Configuration dialog box appears. - Click Logging.
The Logging and Notification dialog box appears. - Configure the logging and notification settings as described in Set Logging and Notification Preferences.
See Also
Import a List of Blocked Sites or Blocked Sites Exceptions
Visit or Block a Site from HostWatch