[ATP/FLEX] How to Set Up DNS/URL Threat Filter on Nebula

Zyxel_Jeff Posts: 1,073  Zyxel Employee
edited June 2023 in Security Service

Nebula Control Center provides the DNS/URL Threat Filter, which prevents users from browsing malicious FQDNs and URLs and lets the administrator manage which URLs can be browsed. You can create a DNS/URL Threat Filter profile under the security service path on Nebula, and this article guides you through deploying it.


Configuration steps

1. Navigate to Configure > Firewall > Security Service and click +Add to edit the DNS/URL Threat Filter profile.


2. Configure the DNS/URL Threat Filter profile

Log – Create an event log when the device detects a connection attempt to or from the web pages of the specified categories in the DNS/URL Threat Filter profile.

To enable DNS/URL Threat Filter

URL Threat Filter Denied Access Message – Enter a message to be displayed when the URL Threat Filter blocks access to a web page. The default message is “Web access is restricted. Please contact the administrator.” 

Category list – Enable the malicious categories that you would like to block, such as Anonymizers, Browser Exploits, Malicious Downloads, Malicious Sites, Phishing, Spam URLs, Spyware/Adware/Keyloggers, etc.

Block list – Enter the list of URLs that you would like to block. The FQDN supports wildcard format such as *zyxel.com.

White list - Enter the list of URLs that you would like to bypass. The FQDN supports wildcard format such as *zyxel.com.

URL Threat Filter external block list - You can use an external URL DB to extend your block list. Please enter the profile name, external DB links such as http://172.16.107.20/blacklist-files/myip-ebl.txt, and description.
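Before saving wildcard entries to the Block list or White list, it helps to preview which hostnames an entry such as *zyxel.com would cover. The script below is an added example, not Zyxel code: it assumes that `*` matches any run of characters (glob style, case-insensitive), and the function names and sample hostnames are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Assumption: "*" in an entry matches any run of characters (glob style)
# and the comparison against the requested FQDN is case-insensitive.
def matches(entry: str, fqdn: str) -> bool:
    return fnmatchcase(fqdn.lower().rstrip("."), entry.strip().lower())

def covered(entries, fqdns):
    """Map each list entry to the sample FQDNs it would cover."""
    return {e: [h for h in fqdns if matches(e, h)] for e in entries}

def lint_allow_entry(entry: str) -> list[str]:
    """Return warnings for a White list entry that is broader than intended."""
    e = entry.strip().lower()
    warnings = []
    if e.strip("*.") == "":
        return ["entry matches every hostname"]
    if e.startswith("*") and not e.startswith("*."):
        warnings.append(f"no dot after '*': also covers other domains ending in '{e[1:]}'")
    if e.endswith("*"):
        warnings.append("trailing '*': covers any suffix, including unrelated domains")
    return warnings

if __name__ == "__main__":
    # Constructed sample hostnames; only zyxel.com appears in the article.
    samples = ["zyxel.com", "www.zyxel.com", "example-zyxel.com", "zyxel.com.example.net"]
    for entry, hosts in covered(["*zyxel.com", "*.zyxel.com"], samples).items():
        print(f"{entry:14} covers {hosts}")
        for w in lint_allow_entry(entry):
            print(f"{'':14} warning: {w}")
```

Under this assumption, `*zyxel.com` also covers `example-zyxel.com`, while `*.zyxel.com` is limited to subdomains but no longer covers the bare `zyxel.com`, so a White list may need both `zyxel.com` and `*.zyxel.com`.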


Test Result

If you navigate to a malicious URL, you will be blocked.


The event log will also show Threat Filter block messages.


When you test the URL, it is identified as a malicious URL.