Watchguard Firebox X15 User Manual page 165

9
Default Threat Protection
About intrusion prevention
The Firebox X Edge e-Series includes a set of default threat protection features designed to keep out network
traffic from systems you know or think are a security risk. This set of features includes:
Permanently blocked site
The Blocked Sites list is a list of IP addresses you add manually to your configuration file. The IP
addresses on this list cannot connect to or through the Edge on any port.
Auto-blocked sites
IP addresses that the Firebox adds or removes on a temporary blocked site list. The Firebox uses the
packet handling rules that are specified for each service. For example, you can configure the Firebox
to automatically block the source IP address of a computer that tries to connect through the Edge
with the telnet service on port 23. If a computer tries to connect and gets denied, that computer
cannot make any connections through the Edge, on any port, for a time period you control. This is
known as the Temporary Blocked Sites list.
Blocked ports
You can block the ports that you know can be used to attack your network. This stops specified
external network services. When you block a port, you override all the rules in your firewall
configuration.
Denial of Service protection
A full set of denial of service protection rules allows you to set your own thresholds to prevent
common denial of service attacks such as SYN flood attacks or ICMP flood attacks. You can also set
connection limits to protect your network from distributed denial of service attacks.
Firewall options
A set of global firewall rules to control features such as default logging rules and FTP access to the
Edge.
User Guide 153