Feature request: more frequent GeoIP database updates

mMontana
mMontana Posts: 1,298  Guru Member
edited March 2022 in Security
Not the source DB... but the check from the devices; currently the DB update is once per week.

Could it be scheduled right after any reboot/going online?
Could it be scheduled at least twice or more per week?

All Replies

  • Zyxel_Vic
    Zyxel_Vic Posts: 281  Zyxel Employee
    Hi @mMontana
    Would you share with us whether there is any specific reason/application that needs to update the GeoIP database more frequently than currently? We'd like to learn.

    Thank you.
  • mMontana
    mMontana Posts: 1,298  Guru Member
    Update after going online-reboot.
    I currently do not know if the "storage" where the GeoIP db is stored is:
    • wiped or kept before reboot
    • accessible from both firmware images (or as security feature, replicated in both images)
    so if it is needed to reboot for whatever reason (firmware update, configuration rollback for instance?) I have no assurance I will be capable of certifying that the security policies will be enforced as intended since the reboot with correct and updated data about the GeoIP correlation.

    Also, allowing a scripted and/or a more frequent "check for update" of the GeoIP DB could restrict the timeframe of the staleness of the GeoIP data.
    As far as I know there's no "expected day" as for Microsoft patches for GeoIP updates. So if my device updates only Monday at 5 AM CET and the update of the DB occurs Tuesday at 1 AM CET, I'll have for six days the GeoIP DB not fully updated with the modification published during Tuesday.
  • Mario
    Mario Posts: 104  Ally Member
    In general, the place for the update of the geo-ip database is not logical.
    Why is it not under license -> signature update, like all other signatures?

    And I agree with @mMontana, firmware updates are a "problem", since they include all the signatures from the build time of the firmware. In the worst case you are running for about 1 week with very old signatures.
