Configure IP Blocking
The IP Blocking feature monitors network activity in
real time and blocks or allows connections between MBG and specific
network blocks of IP addresses (netblocks) in CIDR format. Use the
following procedures to manage the lists containing the netblocks, specify
the order in which the lists are checked, and add the lists to MBG.
Managing CIDR Lists
CIDR lists that contain the netblocks for entire countries are
available on the internet. You can obtain these files and modify
them for your needs. You can also create your own CIDR lists from
scratch.
Use a text editor to create CIDR lists according to the following
format:
# Block List Title
4.17.135.32/27 # Comment
4.17.143.0/28
Note:
- A list can be used to either block connections
(black list) or allow connections (white list).
- Enter addresses in IPv4 format with suffixes
expressed in CIDR notation (for example, 4.17.135.32/27).
- Enter comments in shell style (after a hash
mark: #).
- Save the file in plain text format (with a .TXT
extension).
Setting the Rules Mode
When you add a list, you must specify whether it is black
(to block connections) or white (to allow connections). By selecting
the rules mode, you determine which lists the MBG uses first, black
or white. This sets the blocking strategy for your enterprise.
To set the operating mode:
- On the MBG main page, click the Network
tab and click IP blocking.
- In Rules mode, select either:
  - White / Black / Allow: MBG first checks the
    white lists and, if a match is found, allows the connection.
    If a match is not found, MBG then checks the black lists and,
    if a match is found, denies the connection. If no matches
    are found, MBG allows the connection. You can use this mode
    to block connections from particular countries with exceptions
    made for branch offices located in those countries.
  - Black / White / Deny (default): MBG first checks
    the black lists and, if a match is found, denies the connection.
    If a match is not found, MBG then checks the white lists and,
    if a match is found, allows the connection. If no matches
    are found, MBG denies the connection. You can use this mode
    to allow connections only from specific SIP trunk endpoints,
    from particular countries, or from particular countries but
    with some (threatening) networks blocked. For example, you
    could add a white list that allows all connections from France
    plus a black list that denies some connections from Paris.
Note: MBG will always allow connections
from local networks, ICPs, SIP trunk endpoints and the loopback
connection, regardless of the rule order and list configuration.
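The effect of each rules mode on a set of lists can be checked offline before the files are uploaded. The following Python sketch is an added example, not MBG code: it parses the list format described above and applies the lookup order of each mode. The netblocks are constructed from documentation ranges, the mode labels are chosen for this example, and the always_allow parameter is a hypothetical stand-in for the local networks, ICPs, SIP trunk endpoints and loopback that MBG always allows.

```python
import ipaddress

MODES = ("white/black/allow", "black/white/deny")  # labels chosen for this example

def parse_cidr_list(text):
    """Parse one list: an IPv4 netblock per line, '#' starts a comment."""
    nets = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue  # blank line or comment-only line
        try:
            # strict=True flags entries with host bits set (e.g. 4.17.135.33/27),
            # a common typo; this strictness is this example's choice.
            nets.append(ipaddress.IPv4Network(entry, strict=True))
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {entry!r}: {exc}") from None
    return nets

def decide(addr, white, black, mode, always_allow=()):
    """Return 'allow' or 'deny' for addr, following the documented lookup order."""
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode}")
    ip = ipaddress.IPv4Address(addr)
    def hit(nets):
        return any(ip in net for net in nets)
    if hit(always_allow):            # assumption: models the always-allowed peers
        return "allow"
    if mode == "white/black/allow":
        first, second, default = (white, "allow"), (black, "deny"), "allow"
    else:
        first, second, default = (black, "deny"), (white, "allow"), "deny"
    for nets, verdict in (first, second):
        if hit(nets):
            return verdict
    return default

# Constructed sample lists (RFC 5737 documentation ranges, not real country data).
COUNTRY = parse_cidr_list("# Country X\n203.0.113.0/24  # whole country\n")
BRANCH = parse_cidr_list("# Branch office in country X\n203.0.113.64/28\n")
LOCAL = parse_cidr_list("192.168.0.0/16  # assumed local network\n")

if __name__ == "__main__":
    for mode in MODES:
        for addr in ("203.0.113.70", "203.0.113.10", "198.51.100.5", "192.168.1.10"):
            print(mode, addr, decide(addr, BRANCH, COUNTRY, mode, LOCAL))
```

With the branch office on a white list and the country on a black list, the branch address is allowed only in White / Black / Allow mode; in Black / White / Deny mode the black list matches first and the exception never applies.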
Managing the Lists
In addition to being able to add new “white” and “black”
lists, you can edit and delete existing lists.
To add a new IP blocking list:
- On the MBG main page, click the Network
tab and click IP blocking.
- Click the
sign to display the Add IP blocking dialog.
- Enter the Name for this list.
- Select the Mode, either White (allowed) or Black
(blocked).
- Click Choose File, navigate to the location of the
list, select the list and click Open.
- Click Save to upload the file.
The new list is activated, and is now either allowing
(white) or blocking (black) IP addresses.
To edit an existing IP blocking list:
- On the MBG main page, click the Network
tab and click IP blocking.
- Locate the list you want to edit and click
. The file is downloaded to your computer.
- Locate the file on your computer, edit it as required,
and then save it.
- Return to the IP blocking screen, locate the file
you wish to edit, and then click
.
- Enter the Name for this list.
- Select the Mode, either White (allowed) or Black
(blocked).
- Click Choose File, navigate to the list you edited,
select the list and click Open.
- Click Save to save your changes.
The edited list is activated, and is now either allowing
(white) or blocking (black) IP addresses.
To delete an IP blocking list:
- On the MBG main page, click the Network
tab and click IP blocking.
- Locate the list you wish to delete and click
.
- Click OK. The deletion
is confirmed.