
Creating a Block and Ignore Policy for Sites

Overview

Sometimes it is necessary to ignore or block traffic to specific websites as it flows through the Exinda. Whether the goal is to discard traffic to unwanted sites or to ignore traffic that would otherwise be shaped, because of an incompatibility, both options are available in Exinda as long as the traffic is known (whether by IP or by application). This article provides instructions for doing so.

It should be noted that the Exinda appliance is not a firewall, and it cannot sustain the type of filtering or access control that a dedicated firewall can handle.

 

Process

Note: it is always best to add the traffic as a network object based on the IP, if possible, as it provides a higher granularity of control.

Using the IP, create a network object:

  1. Log in to the Web UI.
  2. Navigate to Configuration > Objects > Network.
  3. Name a new object accordingly and select subnet reports, if needed.
  4. Add the IP to the IP Network Address / Mask Length field.
  5. Set the mask length to /32.
  6. Click Add New Network Object.

Alternatively, without the IP, create an application:

  1. Log in to the Web UI.
  2. Go to Configuration > Objects > Applications.
  3. Under the L7 Signature, select http.
  4. Select host.
  5. Add the URL, e.g., microsoft.com.
  6. Click on Add New Application.

In ExOS v7.4.1, it is also possible to create an FQDN-based network object, which is a hybrid approach:

  1. Log in to the command-line interface.
  2. Enter configuration mode by executing the commands below:

    en
    conf t

  3. Create the FQDN-based network object by running the command below:

    network-object [Name] fqdn [domain name]

    This allows the Exinda to regularly and correctly classify a dynamic website.


After creating the object or application as explained above, create a 'block or ignore' policy, and apply it to the current Optimizer configuration:

  1. Log in to the Web UI.
  2. Click on the Optimizer.
  3. Under the Virtual Circuit where you want the functionality, click Create New Policy.
  4. Assign a name to the policy.
  5. Assign a Virtual Circuit policy number that is lower than most of the other Virtual Circuit policy numbers so that it is closer to the top of the list.
  6. Under the Action field, select Ignore or Block, as you see fit.
  7. Under either Source or Destination, select the network object, and if you added the application, select it accordingly.
  8. Click Add New Policy.

Once the policy is added, it can then be assigned to any other required Virtual Circuits by using the dropdown menu on the Optimizer page. The menu lists all the policies in the system; after assigning a new Virtual Circuit policy number, add the policy by clicking the Add to Virtual Circuit button beside the dropdown.

  1. Priyanka Bhotika
