Firewall

Navigation:  Imunify360 User Interface >

Firewall

Previous pageReturn to chapter overviewNext page

Firewall tab allows viewing and managing the IP addresses in the lists:

 

White list - allows to always accept IPs from the list.

Gray list - an auto-generated list of all the IPs blocked by Imunify360, based on Sensors alerts and alerts from the central server.

Black list - allows to always block IPs from the list.

Blocked ports - allows to manage the list of blocked ports.

 

White list

 

Click Firewall in the main menu then choose White List.

 

Use filters to show the exact list of the IPs:

 

Page size - allows setting the number of the incidents to be shown on the page.

IP - allows filtering the list by IP. Tick IP checkbox to enable input field where you can enter an IP or a part of.

Country - allows filtering the list by country origin. Tick Country checkbox to enable an input field with autocomplete where you can enter a country name. Imunify360 will show the list of IPs of the chosen country.

 

You can perform the following actions with the IPs in the White list:

 

1.Adding the IPs manually.

2.Adding comments to the IPs.

3.Moving the IPs from the White list to the Black list.

4.Removing the IPs from the list.

 

1. How to manually add the IPs:

 

To add an IP to the White list click Add on the right side of the page:

 

add

 

In the pop-up choose Add IP tab and specify the following:

 

1. Enter IP - add IP or subnet in CIDR notation.

 

2. Enter a comment - add a comment to the IP or subnet (optional).

 

3. Choose where to add the IP or subnet to the Black or to White List.

 

3.1 For White list it is possible to tick Full Access checkbox to make this IP or subnet ignore the rules in Blocked ports. The IPs with full access have a crown icon in the IP column. Note that it is possible to grant or remove full access afterwards in the table, just click cog icon and choose Grant Full Access to grant or Remove Full Access to remove it.

 

grant full access

 

When done, click Add IP to confirm your action or Cancel to hide pop-up.

 

 

add_ip

 

You will see a notification if an IP has been added successfully:

 

added

 

2. How to add a comment to the IP:

 

In the proper IP row click plus sign (+) in the Comment column, type a comment and click Save in the pop-up:

 

add_comment

 

To remove a comment just delete the text in the pop-up and click Save.

 

3. How to move IPs from the White List to the Black List:

 

To move several IPs from the White list to the Black list choose proper IPs (use checkboxes), click Move permanently at the top of the table and choose Black list in the drop-down.

 

move_ip

 

To move one IP address, click on a cog icon in proper IP row and choose Black List in the drop-down.

 

move_ip_01

You will see a notification if an IP is moved successfully.

 

success

4. How to remove IP addresses from the White list:

 

To remove several IPs from the White list, choose proper IPs (use checkboxes) and click Delete permanently.

 

remove

 

To move an exact IP just click trash icon in front of a proper IP address.

 

You will see a notification if an IP is deleted successfully:

 

success_01

 

Whitelisted trusted services

Imunify360 has a predefined whitelisted services. The actual list always available here.

 

5. Whitelisted trusted services

 

Imunify360 has a predefined whitelisted services. The actual list always available on the link.

 

Gray List

 

Choose Firewall tab in the main menu then click Gray List.

 

Use filters to show the exact list of IPs:

 

Page size - allows setting the number of the incidents to be shown on the page.

IP - allows filtering the list by IP. Tick IP checkbox to enable input field where you can enter an IP or part of IP.

Country - allows filtering the list by country origin. Tick Country checkbox to enable an input field with autocomplete where you can enter a country name. Imunify360 will show the list of IPs of the chosen country.

 

The only Removing IPs from the list is available in the Gray list:

 

How to remove IPs from the Gray list:

 

To remove several IPs from the Gray list choose IPs in the list (use checkboxes) and click Delete permanently.

 

remove_ip_fro_gray

 

To remove an exact IP click on a trash icon in front of a proper IP.

 

You will see a notification if the IP is deleted successfully.

 

success_01

Black List

 

Choose Firewall tab in the main menu then click Black List.

 

Use filters to show an exact list of the IPs:

 

Page size - allows setting the number of the incidents to be shown on the page.

IP - allows filtering the list by IP. Tick IP checkbox to enable input field where you can enter an IP or a part of.

Country - allows filtering the list by country origin. Tick Country checkbox to enable an input field with autocomplete where you can enter a country name. Imunify360 will show the list of IPs of the chosen country.

 

The following actions are available with IPs in the Black list:

 

1.Adding the IPs manually.

2.Adding the country.

3.Adding comments to the IPs.

4.Moving IPs from the Black list to the White list.

5.Removing the IPs manually.

 

1. How to manually add the IPs:

 

To add an IP to the Black List click Add on the right side of the page.

 

add_black

 

In the pop-up choose Add IP tab and fill out:

 

1.Enter IP - an IP or subnet in CIDR notation.

2.Enter a comment - type a comment to the IP or subnet (optional).

3.Choose Black List radio button.

 

When done, click Add IP to confirm your action or Cancel to hide pop-up.

 

add_IP_black

 

You will see a notification if the IP is added successfully.

 

added

 

2. How to manually add a country:

 

To add a country to the Black List click Add on the right side of the page:

 

add_black

 

In the pop-up choose Add Country tab and fill out:

 

1.Enter country - autocomplete field. Just start typing.

2.Enter comment - type a comment to the IP or subnet (optional).

 

When done, click Add Country to confirm or Cancel to hide pop-up.

 

north_korea

 

You will see a notification if a country has been added successfully.

 

sucess_country

 

3. How to add a comment to the IP:

 

In a proper IP line click plus sign (+) in the Comment column, add a comment and click Save in the pop-up:

 

add_comment

 

To remove a comment just delete the text in the pop-up and click Save.

 

4. How to move the IPs from the Black list to the White list:

 

To move the IPs from the Black list to the White list choose proper IPs in the list (use checkboxes), click Move permanently at the top of the table and choose White list in the drop-down.

 

move_ip_black

 

To move an exact IP just click on a cog icon in a proper IP row and choose White list in the drop-down.

 

move_black

You will see a notification if an IP is moved to the White list successfully.

 

success

5. How to remove IPs from the Black list

 

To remove IPs from the Black List choose proper IPs in the table (use checkboxes) and click Delete permanently.

 

delete_permanently

To remove an exact IP just click on a trash icon in the row.

 

You will see a notification if an IP is successfully deleted.

 

success_01

 

Blocked ports

 

This feature allows to block specific ports for TCP/UDP connection. It is also possible to add specific IPs or subnet as a whitelisted, so that the rule for the port will not work.

 

Click Firewall and choose Blocked Ports.

 

Note. If CSF integration enabled, then Blocked Ports will be disabled. Imunify360 imports Closed ports and their whitelisted IPs from CSF.

 

Use filters to show the exact list of IPs:

 

Page size - allows setting the number of the incidents to be shown on the page.

IP - allows filtering the list by IP. Tick IP checkbox to enable input field where you can enter an IP or a part of.

Description - allows filtering the list by text in notes.

 

The following actions are available for the ports:

 

1.Adding port to the list of blocked ports.

2.Editing ports in the list of blocked ports.

 

Adding a port to the list of blocked ports

 

On the Firewall page choose Blocked ports and click Add Port. In the pop-up window specify the following:

 

Port - the number of the port to be added to the list of blocked ports.

TCP/UDP - tick the checkboxes of connection types for the port that should be blocked.

Description (optional) - add a text to be added as a note for the port.

List of IPs/Subnets - add IPs or subnets to the Whitelist separated by commas. They will be able to use the port.

 

Click Add Port to proceed or Cancel to close pop-up.

 

add_port

Editing ports in the blocked ports list

 

To add an IP or a subnet to the Whitelist for the port, click +IP and in the Add IP/Subnet pop-up window specify the following:

 

Enter IP - IP or subnet that should be added to the whitelist.

Enter description - enter the text to be added as a note to the IP or subnet.

 

add_ip_ports

 

In the blocked ports list it is possible to edit notes for IPs and ports. Click pen icon near the note and make changes.

 

add_port_01

 

To delete port or separate IP/subnet, click trash icon in the row of the element.

 

add_port_02