Configuration Example: Security Intelligence Blocking

Configure your access control policy to block all threats detectable by the system's regularly updated Security Intelligence feeds.

The combined number of objects in the Block lists and the Do Not Block lists cannot exceed 125 network objects, or 32767 URL objects and lists.

Before you begin

  • To ensure that all options are available to select, add at least one managed device to your management center.

  • Configure a DNS policy to block all Security Intelligence threat categories for domains. For more information, see DNS Policies.

  • If you have, or will have, custom lists of entities to block, create a Security Intelligence object of each type (URLs, DNS, Networks). See Security Intelligence.

Procedure


Step 1

Click Policies > Access Control.

Step 2

Create a new access control policy or edit an existing policy.

Step 3

In the access control policy editor, click Security Intelligence.

If the controls are dimmed, either the settings are inherited from an ancestor policy or you do not have permission to modify the configuration. If the configuration is unlocked, uncheck Inherit from base policy to enable editing.

Step 4

Click Networks to add blocking criteria for IP addresses.

  1. Scroll down in the Networks list and select all of the threat categories listed below the Global lists.

  2. If applicable, select the security zones for which you want to block these threats.

  3. Click Add to Block List.

  4. If you have created custom lists or feeds with addresses to block, add those to the Block List using the same steps as above.

Step 5

Click URLs to add blocking criteria for URLs, and repeat the steps you followed for Networks.

Step 6

Choose a DNS policy from the DNS Policy drop-down list; see DNS Policy Overview.

Step 7

Click Save.


What to do next

  • Enable logging for these connections.

  • Deploy configuration changes.

  • For additional protection, configure URL filtering to block malicious URLs. See URL Filtering.