Blacklist definition and implementation mechanism of the USG6000 series

38

The USG6000 series supports configuring the blacklist. The definition and mechanism of a blacklist are as follows:
The blacklist is a typical measure for security defense. The system discards all packets that match the blacklist. The blacklist is more efficient in filtering packets from or to specific IP addresses when compared with security policies.
The USG6000 series supports blacklisting users, source addresses, or destination addresses to form three types of blacklists.
-User blacklist
After a user is added to the blacklist, the device discards the packets from or to the user.
-Source IP address blacklist
After a source IP address is added to the blacklist, the device discards all packets from this IP address.
-Destination IP address blacklist
After a destination IP address is added to the blacklist, the device discards the packets destined for this IP address.

Other related questions:
Definition of SSL VPN on the USG6000 series
SSL VPN allows mobile employees (called remote users in SSL VPN) to securely access their intranet resources, improving productivity.

Uplink and downlink definitions in traffic policies of the USG6000 series
Because traffic profiles are referenced by traffic policies, the uplink and downlink in traffic profiles are mapped to directions in traffic policies. It is determined as uplink in a traffic profile if traffic is in the same direction as the traffic policy, and determined as downlink if traffic is in the opposite direction. Before configuring a traffic profile, confirm the uplink and downlink directions based on the actual situation, for example, the traffic of an internal user accessing the external network is uplink traffic, and then map the traffic profile to a traffic policy (source address: user; destination address: external resource address). For example, to restrict the traffic from the trust zone to the untrust zone, configure traffic control as follows: �?In the traffic policy, if the source zone is the trust zone and the destination zone is the untrust zone, configure uplink traffic control in the traffic profile (same direction as the traffic policy). �?In the traffic policy, if the source zone is the untrust zone and the destination zone is the trust zone, configure downlink traffic control in the traffic profile (opposite direction to the traffic policy).

Whether the USG6000 series supports manually deleting a dynamic blacklist
Blacklist entries can be dynamically or manually deleted.

IP-Link definition on the USG
IP-Link indicates the link accessibility check. The firewall periodically sends ICMP echo requests or ARP requests to the specified destination IP address and waits for responses. If no response is received with the specified period of time, the firewall considers that the current link is faulty and performs subsequent link-related operations. If the firewall receives three consecutive responses over the original link within the subsequently-specified period of time, the firewall considers that the link fault is eliminated and performs subsequent link recovery-related operations.

License functions on firewalls
The license definition is as follows: A license is an agreement made by and between a supplier and a customer on authorizing or being authorized the usage scope and time limit of the sold or bought product. A license can dynamically control features of products available for a customer. A license is an agreement in which the supplier authorizes the customers to use certain functions, resources, and upgrade services of the purchased products before expiry. Physically, a license consists of a license certificate and a license file. -A license certificate is issued by a supplier to a customer who purchased the license, for activating the license. The license certificate contains Contract No., Activation Password, and license content. -A license file is a .dat file provided for the customer after the license is activated. The customer needs to load the license file on a device or software to use the related functions.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top