Blocked Sites and Traffic Monitor
When an IP address is on the Blocked Sites list, a traffic log message that involves this address shows the destination interface as unknown. From Firebox System Manager (FSM), you can see the destination interface and add the IP address to the temporarily blocked sites list.
To see the destination interface:
- Select the Traffic Monitor tab.
- Select a traffic log message.
- Right-click the message and select Destination IP Address.
The Destination IP address and a menu of options appear.
To save computation cycles, Fireware does not identify the destination interface of a packet if the source or destination IP address is blocked.
To block the destination interface IP address:
- Select the Traffic Monitor tab.
- Select a message.
- Right-click the message and select Destination IP Address.
The Destination IP address and a menu of options appear. - Select Block Site.
The Choose Expiration dialog box appears.
- To change the amount of time the IP address is blocked, in the Expire After text box, type a value. From the drop-down list, select Hours, Minutes, or Seconds.
- Click OK.
The Update signature dialog box appears. - Type your Device Administrator passphrase and click OK.
The IP address is temporarily added to the Blocked Sites list for the specified amount of time.