any way to sync blocked IP's with external sources? (USG range)

Emerald
Emerald Posts: 36  Freshman Member
First Comment Fifth Anniversary
in Security
Hi, just wondering if there is any way i can sync with external block lists?
I notice "Enable URL Blocking For External DB" in URL filter

IE - If i block a IP on one device (or service) can it populate to others, from external lists such as https://security.microsoft.com/tenantAllowBlockList

Thanks in advance

All Replies

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,511  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    Hi @Emerald,

    Not just only External URL block list, we also support External IP Block list.
    It is at "CONFIGURATION > Security Service > Reputation filter".

  • Emerald
    Emerald Posts: 36  Freshman Member
    First Comment Fifth Anniversary
    edited January 2023
    thanks,

    so im looking i see it has to bee a txt file with addresses in /24

    however i cant see any online services that offer this. Most of them are done with API.
    Closest i can find it this > https://isc.sans.edu/block.txt

    have also tried
    and

    can you point me to any databases that are actually in tis format that will work with zyxel please?




  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,511  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    Hi @Emerald,

    The external block list file must be in text format (*.txt) with each entry separated by a new line.
    External block list entries can consist of single IPv4 / IPv6 IP addresses, IP address ranges, CIDR (Classless Inter-Domain Routing entries such as 192.168.1.1/24, 2001:7300:3500::1/64.
    These are some examples for your reference only:
    4.4.4.4
    192.168.1.0/32
    If the external block list file contains any invalid entries, the Zyxel Device will not use the file.
    The external block list file can contain up to 50,000 entries. A warning message displays when the maximum is reached.
  • Emerald
    Emerald Posts: 36  Freshman Member
    First Comment Fifth Anniversary
    Ive made my own txt and hosted it still no good.

    i get > URL Threat Filter EBL signature update has finished.

    then in logs i see this >>>

    33
    2023-01-20 13:19:54
    warn
    URL Threat Filter
    Download external Domain Block List fail, URL Threat Filter license is expired o

    All services are activated and up to date under "licencing \ registration"


Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)