Use IP reputation category objects to allow or deny network
access according to the reputation of an IP address.
About this task
You can specify a threshold for an IP reputation category
object to control the level of policy enforcement for related traffic. When
you specify a threshold, the appliance applies network policy rules
only when the source or destination IP address is categorized in an
IP reputation category and has a score that is equal to or greater
than the specified threshold. The default threshold is 50 for each IP
reputation category. The valid range for a threshold is 1 - 100. IP
reputation categories include Spam, Anonymous Proxies, Dynamic IPs, and Malware.
Important: The appliance uses IP Reputation database information
in IP reputation category objects. You must have a valid IP Reputation
license to receive updates to the IP Reputation database.
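The threshold rule described under About this task can be modeled as follows. This Python is an added illustration, not the appliance's code or part of the original documentation. The reputation data layout, the class and function names, and the sample addresses and scores are assumptions constructed for the example, as is treating an object as matched when an IP meets the threshold in any one selected category.

```python
# Model of the threshold rule described above; not the appliance's code.
# The reputation data layout and all names here are assumptions.
from dataclasses import dataclass, field

CATEGORIES = {"Spam", "Anonymous Proxies", "Dynamic IPs", "Malware"}
DEFAULT_THRESHOLD = 50                 # default per category, per the page
MIN_THRESHOLD, MAX_THRESHOLD = 1, 100  # valid range, per the page


@dataclass
class ReputationObject:
    name: str
    thresholds: dict = field(default_factory=dict)  # category -> threshold

    def select(self, category, threshold=DEFAULT_THRESHOLD):
        if category not in CATEGORIES:
            raise ValueError(f"unknown category: {category}")
        if not MIN_THRESHOLD <= threshold <= MAX_THRESHOLD:
            raise ValueError(f"threshold {threshold} outside 1 - 100")
        self.thresholds[category] = threshold
        return self

    def matching_categories(self, scores):
        """Selected categories in which one IP scores at or above threshold."""
        return sorted(c for c, t in self.thresholds.items()
                      if scores.get(c, 0) >= t)

    def matches_flow(self, src, dst, reputation_db):
        """True when the source or the destination IP meets a threshold."""
        return any(self.matching_categories(reputation_db.get(ip, {}))
                   for ip in (src, dst))


# Constructed sample data (documentation address ranges, invented scores).
REPUTATION_DB = {
    "203.0.113.10": {"Spam": 80, "Dynamic IPs": 40},
    "198.51.100.7": {"Malware": 50},
    "192.0.2.25": {"Anonymous Proxies": 49},
}

def demo():
    obj = (ReputationObject("mail-risk")
           .select("Spam", 75)
           .select("Malware"))              # keeps the default of 50
    flows = [("10.0.0.5", "203.0.113.10"),  # destination: Spam 80 >= 75
             ("198.51.100.7", "10.0.0.5"),  # source: Malware 50 == 50
             ("10.0.0.5", "192.0.2.25")]    # category not selected in object
    return [obj.matches_flow(s, d, REPUTATION_DB) for s, d in flows]

if __name__ == "__main__":
    print(demo())
```

A score that equals the threshold matches, and an address listed only in a category that the object does not include never matches, whatever its score.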
Procedure
- Click .
- In the Network Objects pane, click .
  Tip: IP reputation category objects can also be created from the
  network access policy rule pane, in the application tab.
- Type a name for the network object in the Name field.
- Type a comment to identify the object in the Comment field.
- Select the IP Reputation Categories that
you want to include in the object.
- Click the value in the threshold column to specify the
threshold.
- Click Save Configuration.
What to do next
After you configure an IP reputation category object, add
it to one or more rules in the Network Access policy. When the appliance
detects traffic that is classified in the specified IP reputation
category, it initiates the actions that are specified in the rules.
Note: After you create or edit IP reputation category objects that are
used by a Network Access policy rule, you must deploy the updated Network
Access policy for the changes to take effect.