Global and Domain Security Intelligence Lists
The management center includes Global Block and Do-Not-Block lists, which enable you to use Security Intelligence to consistently block specific connections or exempt certain connections from being blocked, allowing them to be evaluated by other threat detection processes you have configured.
For example, if you notice a set of routable IP addresses in intrusion events associated with exploit attempts, you can immediately block those IP addresses. Although it may take a few minutes for your changes to propagate, you do not have to redeploy.
By default, Access control and DNS policies use these Global lists, which apply to all security zones. You can opt not to use these lists on a per-policy basis.
Note | These options apply to Security Intelligence only. Security Intelligence cannot block traffic that has already been fastpathed. Similarly, adding an item to a Security Intelligence Do Not Block list does not automatically trust or fastpath matching traffic. For more information, see About Security Intelligence. |