Feature suggest: update GeoIP DB at boot for firewall
This is what happened to me…
My ISP is a phone provider operating in more than one country. Mobile and not. Currently it is offloading some public IPv4 addresses from one country to mine, and now I'm connected with one from "another country", now provided to mine.
I updated firmware in some appliances.
Some of the rules are for allowing VPN access only from my country.
After reboot, GeoIP rules blocked me from accessing the device.
This led to unwanted behaviour: firewall working, but with a blocking (instead of useful) GeoIP firewall rule.
This could also happen simply by rebooting the device: the GeoIP db provided with the firmware is dated… as firmware pack (not even release)
IMVHO, within 5/10 minutes from boot time, the firewall should automatically trigger a GeoIP db update. This could solve the issue in a "clean" and manageable way. Packing firmware still with (or without) a GeoIP db available.
All Replies
The GEO IP database doesn't undergo frequent changes.
If triggered for an update every time the system boots up, wouldn't it cause system busyness?
0 -
AFAIK there's a compare between the one stored and the one available. Only after "acknowledging" a fresher DB should the download happen.
The GeoIP db is stored in the firmware.
0 -
Hi @mMontana
Many thanks for your valued suggestion. Currently, the Geo IP is a database-based design, and it can be updated manually or on a weekly schedule.
0 -
In the specific case, auto update was set up.
However, without allowance to connect due to the old GeoIP DB, I was not able to update manually.
Usual chicken/egg problem, unfortunately.
0 -
OK, noted it. Thank you for your update.
0 -
I understand your point.
An up-to-date version of all signatures should be supplied with at least every firmware release!
After an update I always run an update of all signatures to reduce the attack surface.
The firmware 5.73.2 from today delivers signatures from November 2023 😒
0 -
Hello,
With a usg20w-vpn, I had 1 to 2 updates per week. But since March 11, nothing.
Personally, I would have set up a daily schedule, even if the updates were happening once a week.
0 -
Today I updated the DB. And now it's 29/03 (29th of March)
1 -
Hi @mMontana
OK, thank you for your update.
0