Whether the USG6000 series supports manually deleting a dynamic blacklist

3

Blacklist entries can be dynamically or manually deleted.

Other related questions:
What are types of blacklists (firewall)
There are two types of blacklists: -Static blacklists that are configured manually. -Dynamic blacklist that are generated when the system detects scanning attacks.

Blacklist definition and implementation mechanism of the USG6000 series
The USG6000 series supports configuring the blacklist. The definition and mechanism of a blacklist are as follows: The blacklist is a typical measure for security defense. The system discards all packets that match the blacklist. The blacklist is more efficient in filtering packets from or to specific IP addresses when compared with security policies. The USG6000 series supports blacklisting users, source addresses, or destination addresses to form three types of blacklists. -User blacklist After a user is added to the blacklist, the device discards the packets from or to the user. -Source IP address blacklist After a source IP address is added to the blacklist, the device discards all packets from this IP address. -Destination IP address blacklist After a destination IP address is added to the blacklist, the device discards the packets destined for this IP address.

Whether logs of CE series switches need to be deleted manually
Manually deleting logs is not required. When the log storage space is greater than 80% of the available space, or the number of log files exceeds the threshold, the system automatically deletes the earliest log file to ensure that the latest logs can be recorded.

How to configure the dynamic blacklist function on AC
For V200R003 and V200R005, you can perform the following steps on the AC to configure the dynamic blacklist function: 1. Run the dynamic-blacklist enable command in the AP view to enable the dynamic blacklist function. 2. Run the dynamic-blacklist aging-duration duration command in the AP view to set the aging time of the dynamic blacklist. The variable duration specifies the aging time of the dynamic blacklist. 3. Run the commit { all | ap ap-id } command in the WLAN view to deliver configurations to the APs. For V200R003 and V200R005, you can perform the following steps on Fat APs to configure the dynamic blacklist function: 1. Run the dynamic-blacklist enable command in the WLAN view to enable the dynamic blacklist function. 2. Run the dynamic-blacklist aging-duration duration command in the WLAN view to set the aging time of the dynamic blacklist. The variable duration specifies the aging time of the dynamic blacklist.

Whether the USG6000 series supports threshold learning
Yes.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top