Former Member
Message 1 of 2

Domain block on NSM

Hi All,

 

We have a large number of domain names that we have to block on NSM.

The way I figure it out is to first create the DNS names in the group objects.

Then, based upon the group objects, create the firewall policy to block the traffic coming from those domains.

Is there another way to block DNS?

 

Thanks

B

1 Reply
Former Member
Message 2 of 2

Re: Domain block on NSM

Hello,

As a disclaimer before I answer, this is a task that should be carried out by your firewall, not NSP, so I'm not sure it would perform the required tasks as "cleanly" as using the suggested method (firewall).

While DNS/URL blocking isn't really the responsibility of NSP, you can technically perform this action using NSP in the following way:

On the Manager GUI > Policy > Policy Types > IPS Policy > Custom Attacks > Click '+' to add a new custom policy > Select the appropriate options (i.e. the first URL you would like to blacklist)

After you've blacklisted the first URL, you can click the signature and add additional DNS domains under the Signature tab > Signature details > OR > Add additional dns qnames.

When the criteria are met it should block the specified domains.

To add to the above information, a far simpler example of DNS blocking using iptables would be as follows:

linuxfirewallconsole ~$ iptables -A INPUT -s exampledomain.com -j DROP

linuxfirewallconsole ~$ iptables -A OUTPUT -d exampledomain.com -j DROP

This command will vary depending on the firewall solution you are using, but it seems like a much easier way to go about blocking websites on your network.
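
For a large list like the one in the question, an added example that is not part of the original posts: iptables resolves a hostname given to `-s`/`-d` once, when the rule is added, so this sketch keeps the resolved addresses in an ipset that can be refreshed and matches it with one rule per direction. The set name `blocked_domains` and the list-file argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): domain blocklist kept in an ipset.
# SET_NAME and the list-file argument are assumptions.
SET_NAME="blocked_domains"

# stdin: one domain per line. Strips comments and whitespace, lowercases,
# drops anything that is not a plain hostname (so a line such as "-j" can
# never reach a command line as an option), and de-duplicates.
clean_domains() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' |
    tr 'A-Z' 'a-z' |
    grep -E '^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z][a-z]+$' |
    sort -u
}

# stdin: clean domains. stdout: their current IPv4 addresses (glibc getent).
resolve_ipv4() {
    while read -r d; do
        getent ahostsv4 "$d" | awk '{print $1}'
    done | sort -u
}

# stdin: IPv4 addresses. stdout: input for `ipset restore` that fills a
# temporary set and swaps it in, so the live set is replaced atomically.
build_restore() {
    printf 'create %s hash:ip family inet\n' "$SET_NAME"
    printf 'create %s_new hash:ip family inet\n' "$SET_NAME"
    printf 'flush %s_new\n' "$SET_NAME"
    awk -v s="${SET_NAME}_new" \
        '/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print "add", s, $1 }'
    printf 'swap %s_new %s\n' "$SET_NAME" "$SET_NAME"
    printf 'destroy %s_new\n' "$SET_NAME"
}

main() {
    clean_domains < "$1" | resolve_ipv4 | build_restore | ipset -exist restore
    # One rule per direction covers the whole set; -C avoids duplicate rules.
    iptables -C OUTPUT -m set --match-set "$SET_NAME" dst -j DROP 2>/dev/null ||
        iptables -A OUTPUT -m set --match-set "$SET_NAME" dst -j DROP
    iptables -C INPUT -m set --match-set "$SET_NAME" src -j DROP 2>/dev/null ||
        iptables -A INPUT -m set --match-set "$SET_NAME" src -j DROP
}

# Run only when given a list file, e.g.: sh block-domains.sh domains.txt
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Re-running the script (for example from cron) refreshes the set as DNS records change; the iptables rules themselves stay untouched.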

 
