Blacklist Function Optimization on ADS R90F03

Blacklist Function Optimization on ADS R90F03

agosto 11, 2023 | NSFOCUS

ADS R90F03 refactors the blacklist function. You can configure group-specific blacklist rules, and blacklists of different groups take effect independently. Besides, you can use a global blacklist to make related rules and blocked addresses take effect for all groups.

Blacklist Introduction on ADS

The blacklist function in ADS before R90F03 has the following features:

  • Only global blacklists are available, without treating protection groups in a differentiated way.
  • IP address ranges are not supported.
  • The Lockout Period is unclearly defined, easily causing misunderstandings.
  • An exported blacklist cannot be imported again.

ADS R90F03 and later refactor the blacklist function and introduces the following features:

  • Blacklists are divided into global blacklists and group blacklists for fine-grained control.
  • Both the manual blacklist and automatic blacklist are available.
  • Manual blacklists accept IP address ranges. Only IP address ranges in CIDR format are supported, such as 1.2.3.0/24. IP address ranges expressed in a format like 1.2.3.0-1.2.3.255 are not supported.
  • Lockout Period is renamed Auto Block. Besides, this field is added as a mandatory parameter for adding a blacklist entry manually and importing a manual blacklist file.
  • Quick export and detailed export of blacklists are supported.
  • An exported blacklist can be imported again.
  • Automatic blacklists are divided into global automatic blacklists and group-specific automatic blacklists. IP addresses blocked according to global rules are added to global blacklists, and other blocked IP addresses are added to group-specific blacklists.

Global/Group and Manual/Automatic Blacklist

1. Global blacklist: valid for all groups.

Configuration path: Policy > Access Control > Blacklist.

2. Group blacklist: valid for a specific group.

Configuration path: Policy > Anti-DDoS > Protection Groups.

3. Manual blacklist: IP addresses or IP files manually added.

4. Automatic blacklist: automatically added by the Drop and add to blacklist action of security policies.