Security Services > Botnet Filter
1264
SonicOS 5.8.1 Administrator Guide
Security Services > Botnet Filter
The Botnet Filtering feature allows administrators to block connections to or from Botnet
command and control servers.
To configure Botnet filtering, perform the following steps:
1. Enable Block connections to/from Botnet Command and Control Servers to block all
servers that are designated as Botnet servers. Use the exclusion list below to exclude
approved IP addresses.
2. Select one of the two modes of Botnet Filtering:
–
All: All connections to and from the specified countries are blocked.
–
Firewall Rule-Based: Only connections that match an access rule configured on the
appliance will be blocked.
3. Select Enable logging to log Botnet Filter-related events.
4. Optionally, you can configure an exclusion list to all connections to approved IP addresses.
To do so, go to the Botnet Exclusion Object pulldown menu and select an address object
or address group.
Note If you believe that a certain address is marked as a botnet incorrectly, or if you believe an
address should be marked as a botnet, report this issue at the SonicWALL Botnet IP Status
Lookup tool at:
http://botnet.global.sonicwall.com/