Configuring a Global Whitelist

Context

If the services running on some assets are of critical importance or some assets are free from security risks after confirmation, you can add the IP addresses of these assets to the global whitelist to prevent these IP addresses from being blacklisted.

After the IP address of an asset is added to the global whitelist, an IP address blacklist containing the IP address cannot be delivered to the Qiankun Shield devices by Huawei Qiankun automatically or by its security operations experts. When a tenant delivers an IP address blacklist containing the IP address through blocking attack sources, isolating hosts, or configuring an IP address blacklist policy on Huawei Qiankun, Huawei Qiankun prompts the tenant whether to continue the delivery. The tenant determines whether to continue the delivery based on the requirements.

Procedure

1. Log in to the Huawei Qiankun console, and choose > My Services > Border Protection and Response.
2. Click Services in the menu bar, and choose IP Security Zone from the navigation tree.
3. Create global whitelists from Global Address Management > Global Whitelist.
   

   • To check the input rules of IP Address/Range, move the mouse cursor on the icon.
   • The name of a global whitelist can be customized. You can flexibly set multiple global whitelists (a maximum of 20 global whitelists can be created for a single zone) based on service requirements. However, the network segments in multiple global whitelists cannot overlap.
   • You are advised to configure a global whitelist when the device is deployed in off-path mode to help the system identify threat events.
   Figure 1 Creating a global whitelist

   

Follow-up Procedure

• You can click the global whitelists in the Global Address Management to modify the existing configuration.
• You can click the icon next to the global whitelists in the Global Address Management to delete the existing configuration.