Configuring Botnet Filtering

To configure Botnet filtering, perform the following steps:
1
Navigate to the Security Services > Botnet Filter page.

2
To block all servers that are designated as Botnet command and control servers, select the Block connections to/from Botnet Command and Control Servers option. All connection attempts to/from Botnet command and control servers will be blocked. To exclude selected IPs from this blocking behavior, use exclusion lists as described in the following steps.
3
Select one of the following two modes for Botnet Filtering:
All Connections: All connections to and from the firewall are filtered. This is the default Botnet block mode.
Firewall Rule-Based Connections: Only connections that match an access rule configured on the firewall are filtered.
4
If you want to block all connections when the Botnet database is not downloaded, select the Block all connections to public IPs if BOTNET DB is not downloaded.
5
Select Enable logging to log Botnet Filter-related events.
6
Optionally, you can configure an exclusion list of all IPs belonging to the configured address object/address group. All IPs belonging to the list are excluded from being blocked. To enable an exclusion list, select an address object or address group from the Botnet Exclusion Object drop-down menu.

7
Click the Accept button at the top of the page to enable your changes.