USG FLEX H series external block list records limit
Ally Member
Hello,
The online guide and the PDF manual for the H-series firewalls specify that there is a limit of 50,000 records for external block lists.
On Nebula, I haven't seen this limitation mentioned anywhere.
Does this limitation apply to both on-premises and Nebula deployments for the H series?
If so, would it be possible to remove this limitation? These lists usually have far more than 50,000 records...
Thank you
Accepted Solution
Hi @Mk88_it,
Thank you for sharing the specific lists.
To answer your question: The 50,000-record limit for external block lists applies to the H-series in both on-premises and Nebula deployments. This is a fixed system specification for custom external lists at this time.
Since the lists you mentioned significantly exceed this limit, we recommend a "hybrid" approach using the IP Reputation service (included in the Gold Security Pro pack):
- Built-in Capacity: The IP Reputation service provides a pre-defined database of over 700,000 entries. It is specifically designed to handle the scale of global threat intelligence that you are looking for.
- Custom Flexibility: You can reserve the 50,000-record external list slots for specialized or private lists that are not covered by global threat databases.
This way, you can achieve the security coverage you need without being restricted by the manual import limit.
Zyxel Tina
0
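One way to make a large feed fit the 50,000-record slot discussed above is to merge duplicate, overlapping and adjacent entries into CIDR blocks before import. This is an added example, not Zyxel's tooling or code from the thread; the function name and sample feed are hypothetical, and it assumes the firewall accepts CIDR entries in an external list file, which the thread does not state.

```python
import ipaddress

RECORD_LIMIT = 50_000  # per-list limit stated in this thread


def prepare_blocklist(lines, limit=RECORD_LIMIT):
    """Return (records, rejected, fits) for a raw IP feed."""
    v4, v6, rejected = set(), set(), []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()  # drop comments, whitespace
        if not entry:
            continue
        try:
            # Default strict parsing: "a.b.c.5/24" is rejected, not widened.
            net = ipaddress.ip_network(entry)
        except ValueError:
            rejected.append(entry)  # hostnames, typos, truncated rows
            continue
        (v4 if net.version == 4 else v6).add(net)
    # collapse_addresses merges duplicates, entries already covered by a
    # larger block, and adjacent blocks. It is lossless: nothing outside
    # the original feed ends up blocked.
    merged = [n for fam in (v4, v6) for n in ipaddress.collapse_addresses(fam)]
    # Assumption: single hosts are written without a prefix length.
    records = [str(n.network_address) if n.num_addresses == 1 else str(n)
               for n in merged]
    return records, rejected, len(records) <= limit


# Constructed sample feed (documentation ranges, not real indicators).
SAMPLE = """\
# constructed sample
192.0.2.0
192.0.2.1
192.0.2.2
192.0.2.3
192.0.2.2        # duplicate
198.51.100.0/25
198.51.100.128/25
198.51.100.7     # already covered by the /25 above
203.0.113.9
2001:db8::1
bad.example.test
""".splitlines()

if __name__ == "__main__":
    records, rejected, fits = prepare_blocklist(SAMPLE)
    print(f"{len(records)} records, fits={fits}, rejected={rejected}")
    print("\n".join(records))
```

If the collapsed list still exceeds the limit, the remainder is the part to leave to the IP Reputation service, as the reply above suggests.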
All Replies
Hi @Mk88_it,
Regarding your request to remove this limitation, may I first ask what your use case is and approximately how many records you would need for the external block lists?
Zyxel Tina
0 -
Hello @Zyxel_Tina, yes, it's easy: I would like to connect my lists to improve security by preventing inbound and outbound connections to known bad IPs and DNS names. For example, these lists all have over 50k records:
GitHub - bitwire-it/ipblocklist: IP lists full of bad IPs - Updated every 2H · GitHub
1 -
Hello @Zyxel_Tina, do you have something for me?
0 -