[ATP/FLEX] How to set up IP Reputation on Nebula

Zyxel_Jeff, Zyxel Employee
edited June 2023 in Security Service


Nebula Control Center provides an IP Reputation service that prevents users from navigating to malicious IP addresses and URLs and lets the administrator manage which IP addresses can be reached. You create an IP Reputation profile under Security Service on Nebula, and this article explains how to deploy it.


Configuration steps

1. Navigate to Configure > Firewall > Security Service, enable the IP Reputation profile and edit it.


2. Configure IP Reputation profile

Enabled – Turn ON/OFF the IP Reputation feature.

Log – Create an event log when the device detects a connection attempt to an IP address in one of the categories specified in the IP Reputation profile.

Policy – Block or pass traffic when a malicious IP address is detected.

Threat level threshold – Select the threat level threshold: “High”, “Medium and above”, or “Low and above”.

Test Category – Type an IP address in this field to test whether it is a malicious IP address.

Category list – Enable the malicious categories that you would like to block, such as Anonymous Proxies, Denial of Service, Exploits, Negative Reputation, Scanners, Spam Sources, Tor Proxies, Web Attacks, Phishing, BotNets, etc.

Block list – Enter the list of IP addresses that you would like to block.

Allow list – Enter the list of IP addresses that you would like to bypass.

External block list – You can use an external URL DB to extend your block list. Enter the profile name, the external DB link (such as http://172.16.107.20/blacklist-files/block-IP-addresses.txt), and a description.

Schedule update – Enable a daily or weekly update from the external DB.
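Because Schedule update refreshes the External block list daily or weekly, it helps to check the file before publishing it at the external DB link. The following Python linter is an added example, not Zyxel code; it assumes the file holds one IPv4 address or CIDR per line (the article does not specify the format), and the function name, reserved-range list, and sample data are constructed for illustration.

```python
import ipaddress

# Assumption: address space that must never be blocked at this site.
NON_ROUTABLE = [ipaddress.IPv4Network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3",
)]

# Constructed sample feed and Allow list (documentation address ranges).
SAMPLE_FEED = """\
203.0.113.7
198.51.100.0/24
203.0.113.7
192.168.1.1
198.51.100.300
192.0.2.10   # partner gateway
0.0.0.0/0
"""
SAMPLE_ALLOW = ["192.0.2.10"]


def lint_blocklist(text, allow_list):
    """Return (entries safe to publish, [(line_no, raw_line, reason), ...])."""
    allowed = [ipaddress.IPv4Network(a, strict=False) for a in allow_list]
    entries, problems, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        try:
            net = ipaddress.IPv4Network(line, strict=False)
        except ValueError:
            problems.append((lineno, raw, "not an IPv4 address or CIDR"))
            continue
        if any(net.overlaps(r) for r in NON_ROUTABLE):
            problems.append((lineno, raw, "overlaps private/reserved space"))
        elif any(net.overlaps(a) for a in allowed):
            problems.append((lineno, raw, "conflicts with Allow list"))
        elif net in seen:
            problems.append((lineno, raw, "duplicate"))
        else:
            seen.add(net)
            entries.append(str(net.network_address) if net.prefixlen == 32 else str(net))
    return entries, problems


if __name__ == "__main__":
    ok, bad = lint_blocklist(SAMPLE_FEED, SAMPLE_ALLOW)
    print("\n".join(ok), *(f"# rejected line {n}: {why}" for n, _, why in bad), sep="\n")
```

Publish only the returned entries, and review the rejected lines before the next scheduled update.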

Test Result

When you try to navigate to a malicious IP address, the traffic is blocked.


The event log also shows IP Reputation block messages.


You can type an IP address in the Test Category field to check whether it is a malicious IP address. In this example, the IP address has a high threat level and its IP Reputation categories are Anonymous Proxies, Phishing, BotNets, and Exploits.