USG FLEX H Series - External Block List

Zyxel_Richard
edited May 17 in Security Service

Overview

The External Block List (EBL) is a feature that allows the firewall to import a text file hosted on an external web server. This block list contains IP addresses or URLs that should be blocked by the firewall. This is useful for enhancing security by preventing access to known malicious sites or IP addresses.

Use Cases

  • Enhanced Security: Use external block lists provided by security organizations to block known malicious IP addresses or domains.
  • Custom Block Lists: Organizations can create and host their own block lists tailored to their specific security needs.

Supported Formats

IP Reputation

  • Single IP: e.g., 1.1.1.1
  • CIDR: e.g., 1.1.1.0/24
  • IP Range: e.g., 1.1.1.10-1.1.1.20

DNS or URL Threat Filter

  • Domain Names with Wildcards: e.g., *.example.com
  • Full URL Path and Host Name: e.g., http://example.com/path
  • HTTP and HTTPS URLs: e.g., https://example.com

Configuration Steps

  • Access External Block List:
    • Go to Security Service > External Block List.
  • Create a New Profile:
    • Click on Create New Profile.
    • Enter a name for the profile, e.g., External Block List 1.
  • Enter the URL:
    • Input the URL where the block list is hosted, e.g., https://api.blocklist.de.
    • Add a description if necessary.
  • Apply Settings:
    • Click on the checkbox to enable the profile.
    • Click Apply.

Verification and Testing

Content Filtering:

  • Go to Content Filtering.
  • Use the IP or URL Tester to verify if an IP or URL is blocked by the external block list.

Reputation Filter:

  • Enter the IP or URL to check if it is blocked.

Updating the Block List

Manual Update:

  • Go to External Block List.
  • Click on Update Signature Now.

Auto Update Schedule:

  • Configure the auto-update schedule to update the block list hourly, daily, or weekly.
  • Set the specific time for daily updates or select the day and time for weekly updates.

Logging and Error Handling

Event Logs:

  • Go to Event Logs.
  • Filter by the category External Block List.

Update Status:

  • Check for entries indicating the update status of the block list.
  • Example log entries: "Update successful" or "Error parsing IP reputation on line 1000".

Error Handling:

  • UOS logs errors but continues processing valid entries.
  • Example: If line 1000 has an invalid format, the system logs the error but continues to process lines 1001 to 1505.

Comparison with ZLD

Supported Services:

  • ZLD: Supports IP reputation and URL threat filter.
  • UOS: Supports IP reputation, DNS threat filter, and URL threat filter.

Error Handling:

  • ZLD: Stops importing upon detecting an incorrectly formatted entry or reaching the maximum number of entries.
  • UOS: Logs errors and continues to upload valid entries, skipping lines with invalid formats.

Summary

The External Block List (EBL) feature in the USG FLEX H Series allows for the import and use of external block lists to enhance network security. By supporting various formats and providing robust update mechanisms, this feature ensures that networks can dynamically block access to known malicious IP addresses and URLs. Additionally, the improved error handling in UOS ensures that valid entries are not missed due to a few formatting errors.
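
For self-hosted lists, the IP Reputation formats under Supported Formats and the skip-and-continue behaviour under Error Handling can be checked before publishing the file. The following is an added example, not Zyxel's parser: the function names are hypothetical, and it assumes blank lines are ignored and that a CIDR entry must be written as a network address with a numeric prefix.

```python
import ipaddress

def classify_entry(entry):
    """Return 'single', 'cidr' or 'range'; raise ValueError for anything else."""
    if "-" in entry:
        start_s, end_s = entry.split("-", 1)
        start = ipaddress.ip_address(start_s.strip())
        end = ipaddress.ip_address(end_s.strip())
        if start.version != end.version or start > end:
            raise ValueError("range start must not be above range end")
        return "range"
    if "/" in entry:
        if not entry.split("/", 1)[1].isdigit():
            raise ValueError("prefix length must be numeric")
        # Assumption: reject host bits (e.g. 1.1.1.5/24) as a conservative check.
        ipaddress.ip_network(entry, strict=True)
        return "cidr"
    ipaddress.ip_address(entry)
    return "single"

def validate_blocklist(text):
    """Check every line; collect errors with line numbers and keep going."""
    valid, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry:  # assumption: blank lines are ignored
            continue
        try:
            valid.append((lineno, entry, classify_entry(entry)))
        except ValueError as exc:
            errors.append((lineno, entry, str(exc)))
    return valid, errors

# Constructed sample list: three valid formats, three bad lines, one more valid.
SAMPLE = """\
1.1.1.1
1.1.1.0/24
1.1.1.10-1.1.1.20
1.1.1.300
1.1.1.20-1.1.1.10
example.com
1.1.2.0/24
"""

if __name__ == "__main__":
    valid, errors = validate_blocklist(SAMPLE)
    for lineno, entry, reason in errors:
        print(f"line {lineno}: {entry!r} rejected ({reason})")
    print(f"{len(valid)} valid entries, {len(errors)} errors")
```

Lines reported here are the ones to fix before the firewall's next scheduled update; domain entries such as example.com belong in a separate DNS or URL Threat Filter list, which this check does not cover.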