Botnet Site Exceptions

You can create exceptions to the Botnet Detection sites list. These entries are configured and processed as Blocked Site Exceptions. When you add a site to the exceptions list, traffic from that site is not blocked, even if it is included in the Blocked Sites list as a result of the Botnet Detection feature. Traffic from sites on the exceptions list is also not automatically blocked by features such as Default Threat Protection, and by block actions configured in a proxy policy. For more information, go to Create Blocked Sites Exceptions.

When you add a site to any one of the Botnet Detection Exceptions, Geolocation Exceptions, or Blocked Sites Exceptions lists, the site is not blocked by any of these services or Default Packet Handling.

For example, if you add www.example.com to the Geolocation Exceptions list, then Botnet Detection, Blocked Sites, and Default Packet Handling also do not block the site. If you already added a site to one exception list, you might see an error if you try to add the site to an exception list for another service.

You can add an exception for:

  • IP address
  • Network IP address range
  • Host IP address range
  • Host name (one time DNS lookup)
  • FQDN (includes wildcard domains).

For more information about how to use FQDN in exemptions and policies, go to About Policies by Domain Name (FQDN).

  1. Select Subscription Services > Botnet Detection.
    The Botnet Detection page appears.

Screen shot of the Botnet Site Exceptions page
Botnet Site Exceptions in Fireware Web UI

  1. To add an exception, click Add.
  2. From the Choose Type drop-down list, select a method to identify the botnet site exception.
  3. In the adjacent text box, type the address for the type you selected:
    If the exception is for a host range, type the start and end IP addresses for the range of IP addresses in the exception.
    For FQDN, you can use a specific domain name, such as example.com, or use a wildcard to indicate the domain and all subdomains, such as *.example.com.
  4. (Optional) In the Description text box, type a description of the botnet site exception.
  5. Click OK.
  6. Click Save.
  1. Select Subscription Services > Botnet Detection.
    The Botnet Detection dialog box appears.

Screen shot of the Botnet Site Exceptions dialog box
Botnet Site Exceptions in Policy Manager

  1. Click Add to add an exception.
  2. From the Choose Type drop-down list, select a method to identify the botnet site exception.
  3. In the adjacent text box, type the address for the type you selected.
    If the exception is for a host range, type the start and end IP addresses for the range of IP addresses in the exception.
    For FQDN, you can use a specific domain name, such as example.com, or use a wildcard to indicate the domain and all subdomains, such as *.example.com.
  4. (Optional) In the Description text box, type a description of the botnet site exception.
  5. Click OK.
  6. Save the configuration to the Firebox.

Related Topics

About Botnet Detection

Configure Botnet Detection

Configure the Botnet Detection Update Server