Cisco Cisco Firepower Management Center 4000

also be ignored. If you want to monitor or block all traffic targeted by a policy, use an access control rule 
with the 

 or 

 rule action, respectively, and a default value of 

 for the 

 and 

, instead of security intelligence filtering.

Because adding an IP address to the global whitelist or blacklist affects access control, you must have 
one of the following:

Administrator access

a combination of default roles: Network Admin or Access Admin, plus Security Analyst and 
Security Approver

a custom role with both Modify Access Control Policy and Apply Access Control Policy 
permissions; see 

Admin/Custom

In an event view, packet view, the Context Explorer, or a dashboard, hover your pointer over an IP 
address hotspot.

In an event view or dashboard, hover your pointer over an IP address, not the host icon (

) to its left.

Invoke the context menu:

In an event view or dashboard, right-click.

In the Context Explorer or packet view, left-click.

From the context menu, select either 

 or 

.

For information on the other options in the context menu, see 

.

Confirm that you want to whitelist or blacklist the IP address.

After the Defense Center communicates your addition to its managed devices, your deployment begins 
filtering traffic according to your change.

Admin/Network Admin

On the object manager’s Security Intelligence page, next to the global whitelist or blacklist, click the 
edit icon (

).

The Global Whitelist or Global Blacklist pop-up window appears.

Next to the IP addresses you want to remove from the list, click the delete icon (

).

To delete multiple IP addresses at once, use the Shift and Ctrl keys to select them, then right-click and 
select 

.

Click 

.

Your changes are saved, but you must apply your access control policies for them to take effect.