cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
bola_2911
Level 7

Domain block on NSM

Hi All,

 

we have a large number of domain name, that we have to block on NSM.

the way i figure it out is first create the dns name in the group objects.

then based upon the group objects, create the Firewall policy, to block the traffic coming from those domains.

is there another way to block dns?

 

Thanks

B

0 Kudos
1 Reply
SalmanFreid
Level 8

Re: Domain block on NSM

Hello,

As a disclaimer before I answer, this is a task that should be carried out by your firewall, not NSP, so I'm not sure it would perform the required tasks as "cleanly" as using the suggested method (firewall).

While DNS/URL blocking isn't really the responsibility of NSP, you can technically perform this action using NSP in the following way:

On the Manager GUI > Policy > Policy Types > IPS Policy > Custom Attacks > Click '+' to add a new custom policy > Select the appropriate options (I.E the first URL you would like to blacklist)

After you've blacklisted the first URL, you can click the signature and add additional DNS domains under the Signature tab > Signature details > OR > Add additional dns qnames.

When the criteria is met it should block the specified domains. 

To add to the above information, a far more simple example of DNS blocking using iptables would be as such:

linuxfirewallconsole ~$ iptables -A INPUT -s exampledomain.com -j DROP

linuxfirewallconsole ~$ iptables -A OUTPUT -d exampledomain.com -j DROP

This command will vary depending on the firewall solution you are using, but it seems like a much easier way to go about blocking websites on your network.