V4.60 External Black List
Hello,
V4.60 has introduced a new option in Security Service > Reputation Filter > IP Reputation for External Black List
Could I get an example of a blacklist which works with this option? I am unsure what the source format should look like.
I'd also like to call out that the help pages are currently returning a 404. For example, the one for this new blacklist
http://webhelp.zyxel.com/search.action?model=ATP500&majVer=V4.60&minVer=&fwID=ABFU&lang=EN&hash=context/Help/SecurityService_ReputationFilter_IPReputation_ExternalBlackList&help_version=2
V4.60 has introduced a new option in Security Service > Reputation Filter > IP Reputation for External Black List
Could I get an example of a blacklist which works with this option? I am unsure what the source format should look like.
I'd also like to call out that the help pages are currently returning a 404. For example, the one for this new blacklist
http://webhelp.zyxel.com/search.action?model=ATP500&majVer=V4.60&minVer=&fwID=ABFU&lang=EN&hash=context/Help/SecurityService_ReputationFilter_IPReputation_ExternalBlackList&help_version=2
0
Accepted Solution
-
@bkuschel
Regarding to detect mechanism of URL Threat Filter,
the device mainly scan hostname.
Here is an example as your reference,
create txt file with office365.login.microsoftonline.com.boffic.com as context.
Therefore, on this situation, the hostname will be office365. Not login.microsoftonline.com.
You can check the result as below
5
All Replies
-
@bkuschel
Regarding to external black list,Enter the exact file name, path and IP address of the server containing the black list file.For example, http://172.16.107.20/blacklist-files/myip-ebl.txtThe web help is working now. You can check it.0 -
Thank you @Zyxel_Charlie. I can get to the online help now.I do notice a potential issue for the URL threat filter blacklist. A blacklist I linked included the following URLoffice365.login.microsoftonline.com.boffic.combut it is matchinglogin.microsoftonline.comeven without wildcards.
Would it be correct to say this is not the intended behavior?
0 -
@bkuschel
Regarding to detect mechanism of URL Threat Filter,
the device mainly scan hostname.
Here is an example as your reference,
create txt file with office365.login.microsoftonline.com.boffic.com as context.
Therefore, on this situation, the hostname will be office365. Not login.microsoftonline.com.
You can check the result as below
5 -
@bkuschel
The issue has been confirmed, so we will have solution in next release.0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 145 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 239 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight