Updated on 2024-01-24 GMT+08:00

Checking IP Address Blacklists and Whitelists Fast

Context

IP address blacklist and whitelist management is an important part of border protection. Compared with traditional sophisticated security detection methods, IP address blacklists and whitelists can directly and effectively block malicious attacks, reducing system resource consumption and loads on Qiankun Shield devices.

IP address blacklists and whitelists are mainly delivered in the following situations:

  • Huawei Qiankun automatically delivers IP address blacklists after analyzing threat events.
  • After processing a threat event, security operations experts determine that it is an attack and deliver an IP address blacklist.
  • Tenants manually create and deliver IP address blacklists and whitelists on the console.

IP address blacklists and whitelists can be in the following states:

  • Effective: IP address blacklists and whitelists stored on Huawei Qiankun have been successfully delivered to the Qiankun Shield devices and have taken effect.
  • Deploying: IP address blacklists and whitelists stored on Huawei Qiankun have not been delivered to the Qiankun Shield devices.
  • Failed: The delivery command has been issued, but the IP address blacklists and whitelists failed to be delivered.

High-level tenant accounts have the permission to check their own and lower-level tenant accounts' IP blacklists and whitelists.

Procedure

  1. Log in to the Huawei Qiankun console, and choose > My Services > Border Protection and Response.
  2. Click Blacklist and Whitelist in the menu bar.
  3. Check IP address blacklists on devices.

    Choose Device IP Blacklist > IP Address Blacklist. You can click in the Last Modified At column to view the records in chronological or reverse chronological order.

    After Huawei Qiankun delivers an IP address blacklist to block IP addresses, the device periodically obtains the blacklist from Huawei Qiankun. Because the generation time of the IP address blacklist may differ on the two sides, the remaining blocking duration displayed on each side may also differ. Use the remaining blocking duration displayed on Huawei Qiankun.

    Figure 1 Checking IP address blacklists on devices

    Table 1 Key parameters of the IP address blacklist

    Parameter: Global Whitelist or Not
    Description: If a source or destination IP address is in the global whitelist, a blacklist containing the IP address cannot be delivered by Huawei Qiankun automatically or by its security operations experts. The IP address blacklist can only be manually created and delivered by tenants and MSPs.

    Parameter: Creator
    Description:
    • Tenant: A tenant manually delivers an IP address blacklist on Huawei Qiankun.
    • Delegated party: An MSP manually delivers an IP address blacklist on Huawei Qiankun.
    • System: An IP address blacklist is delivered by Huawei Qiankun automatically or by security operations experts.
    • Third-party interface: Carriers deliver an IP address blacklist.

Follow-up Procedure

  • Check historical IP address blacklists.

    A historical IP address blacklist is an IP address blacklist that has taken effect but has since been deleted or has expired. To check historical IP address blacklists, choose Blacklist and Whitelist > Device IP Blacklist > IP Address Blacklist > Historical IP Blacklist.

  • Modify an IP address blacklist or whitelist.

    Select an IP address blacklist or whitelist and click Modify in the Operation column to reconfigure the IP address blacklist or whitelist.

  • Delete an IP address blacklist or whitelist.

    Select an IP address blacklist or whitelist and click Delete in the Operation column to delete the IP address blacklist or whitelist.