Checking IP Address Blacklists and Whitelists Fast
Context
IP address blacklist and whitelist management is an important part of border protection. Compared with traditional sophisticated security detection methods, IP address blacklists and whitelists can directly and effectively block malicious attacks, reducing system resource consumption and loads on Qiankun Shield devices.
IP address blacklists and whitelists are mainly delivered in the following situations:
- Huawei Qiankun automatically delivers IP address blacklists after analyzing threat events.
- After processing the threat event, security operations experts determine that it is an attack and deliver an IP address blacklist.
- Tenants manually create and deliver IP address blacklists and whitelists on the console.
IP address blacklists and whitelists can be in the following states:
- Effective: IP address blacklists and whitelists stored on Huawei Qiankun have been successfully delivered to the Qiankun Shield devices and have taken effect.
- Deploying: IP address blacklists and whitelists stored on Huawei Qiankun have not been delivered to the Qiankun Shield devices.
- Failed: The delivery command has been issued but IP address blacklists and whitelists fail to be delivered.
High-level tenant accounts have the permission to check their own and lower-level tenant accounts' IP blacklists and whitelists.
Procedure
- Log in to the Huawei Qiankun console, and choose .
- Click Blacklist and Whitelist in the menu bar.
- Check IP address blacklists on devices.
Choose
. You can clickin the Last Modified At column to view the records in chronological or reverse chronological order.
After Huawei Qiankun delivers the IP address blacklist to block IP addresses, the device periodically obtains the IP address blacklist from Huawei Qiankun. The generation time of the IP address blacklist on the two sides may be different. Therefore, the remaining blocking duration of the IP address blacklist displayed on the two sides may be different. Use the remaining blocking duration on Huawei Qiankun.
Figure 1 Checking IP address blacklists on devicesTable 1 Key parameters of the IP address blacklist Parameter
Description
Global Whitelist or Not
If a source or destination IP address is in the global whitelist, a blacklist containing the IP address cannot be delivered by Huawei Qiankun automatically or by its security operations experts. The IP address blacklist can only be manually created and delivered by tenants and MSPs.
Creator
- Tenant: A tenant manually delivers an IP address blacklist on Huawei Qiankun.
- Delegated party: An MSP manually delivers an IP address blacklist on Huawei Qiankun.
- System: An IP address blacklist is delivered by Huawei Qiankun automatically or by security operations experts.
- Third-party interface: Carriers deliver an IP address blacklist.
Follow-up Procedure
- Check historical IP address blacklists.
A historical IP address blacklist refers to an IP address blacklist that has taken effect but has been deleted or expired. You can choose to check historical IP address blacklists.
- Modify an IP address blacklist or whitelist.
Select an IP address blacklist or whitelist and click Modify in the Operation column to reconfigure the IP address blacklist or whitelist.
- Delete an IP address blacklist or whitelist.
Select an IP address blacklist or whitelist and click Delete in the Operation column to delete the IP address blacklist or whitelist.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot