I'm somewhat new to LEM and was looking at using the Block IP active response in a rule. I don't see any option in the rule builder to select which of the LEM connected firewalls I want to block the IP on. If I start this rule will it attempt to block the specified IP on all of my firewalls or just the one the log came from? I'd really like to block the IP logged from the external firewall on the internal one but I'm not sure this is possible.
Thank you,
Shane Isbister