Reputation Filter blocks GMail?
Ally Member
We're starting to roll out ATP's to larger SMBs with 400+ Mbps Internet. Have really enjoyed setting them up and watching how they perform.
That said - the IP Reputation Phishing filter is pretty rough. We turned it on and saw tons of logs (Blocked Phishing) from desktops. Turns out the blocked IPs were Google IPs related to GMail and clients couldn't login properly (or render the full GMail interface). Yes - the IPs in question were listed on Maltiverse for Phishing, but seems like GMail's IP blocks would be pretty much whitelisted. So we turned off the Phishing & Anonymous Proxies check for now and we'll see how things progress.
Like SSL Inspection - we'll build up an exclusion list and see if we can tune them to allow these useful features to be enabled fully...
Comments
-
That said - if you aren't using Maltiverse to check IPs - really quick way to get access about IP addresses and some known threats. You can even cut/paste entire log file snippets into their threat analyzer and get quick run downs of the IPs in question:
This was one of the IPs getting blocked repeatedly by the reputation filter - that belongs to Google/GMail.
0 -
Hi @itxnc,
The malicious IP 172.217.13.238 is submitted to cloud service white list for analysis.
It may take 3~5 days to check this IP.
After the reported malicious IP is verified, the IP 172.217.13.238 will be removed in the next signature release of IP reputation.
0 -
We are seeing the same thing with photos.google.com, news.google.com all blocked by IP Reputation. How do we submit the ips fro review?
0 -
Hi @travisb,
We are working on reviewing the IP addresses of Google services and we will add them to white list in the upcoming signature release.
1 -
We also had this issue today, reputation filter blocking pretty much all Google services.. docs, calendar, drive etc... of course all different IP addresses.
Any update on when we might get the new signature release?
0 -
Hi @itxnc,
The IP 172.217.13.238 is added to white list and doesn't belong to phishing category.
Update IP Reputation signature to the latest version and remove this IP from the white list.
For all other Google services, the new signature release which enhances this part will be available by Dec. 30th.
1 -
IP Reputation Filter still blocking all google services (news,photos,drive,etc) using the following signatures. Tech support recommends unchecking phishing protection until issue is resolved.
IP Reputation
1.0.0.20200205.0
2020-02-04 10:34:18 (UTC-08:00)
2020-02-05 03:48:01
0 -
172.217.14.238
172.217.3.206
0
Zyxel Employee
Freshman Member
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
