| Reason |
Explanation |
Examples |
| Country (Allow & Deny) |
If a connection is denied, the country is being blocked per the country policy. If a connection is allowed, the country is being allowed per the country policy and no other policies are set to deny it. |
There are no policies placed against the United States, so packets flow smoothly. China has been blocked on your policy map, so connections to China will be denied. |
| Whitelist (Allow) |
The IP address or domain is allowed per the whitelist policy. |
A user has manually placed an IP or IP subnet on the whitelist. |
| Exception (Allow & Deny) |
If a connection is denied, the IP address is included in an exception list that has been set as a denied list. If a connection is allowed, the IP address is included in an exception list that has been set as an allowed list. |
A user has created a custom allow lost and has placed the IP in question into the list. They then apply it to one of their resource groups. |
| IP_Rep (Deny) |
The IP address is blocked per the Threat Intel policy. |
The offending IP has been added to the Botnet category and the user has that category active. |
| Throttle (Deny) |
Connections are being denied per the set country throttle policy OR bandwidth through the device has exceeded its current license. |
A throttle policy for connections coming from China has been triggered and now is throttling any traffic from that country. |
| Blacklist (Deny) |
The IP address or domain is blocked per the blacklist policy. |
The offending IP has been placed on one or more active blacklists that is being provided by us or the user. |
| Flow (Deny) |
The Bandura ThreatBlockr has seen a packet that is does not see as a valid part of an established connection. |
TCP packet that is not a SYN and isn’t part of any existing connections. |
Comments
0 comments
Please sign in to leave a comment.