Feature suggestion: update GeoIP DB at boot for firewall

mMontana Posts: 1,389  Guru Member
edited February 7 in Security

This is what happened to me…

My ISP is a phone provider operating in more than one country, mobile and otherwise. It is currently offloading some public IPv4 addresses from one country to mine, and now I'm connected with an address from "another country" that has been reassigned to mine.

I updated the firmware on some appliances.
Some of the rules allow VPN access only from my country.
After the reboot, the GeoIP rules blocked me from accessing the device.

This led to unwanted behaviour: the firewall was working, but the GeoIP firewall rule was blocking me instead of being useful.

This could also happen simply by rebooting the device: the GeoIP DB provided with the firmware is as dated as the firmware pack itself (not even its release).

IMVHO, within 5 to 10 minutes of boot time the firewall should automatically trigger a GeoIP DB update. This would solve the issue in a "clean" and manageable way, whether or not the firmware is still packed with a GeoIP DB.
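The lockout described in the post above (and the stale-signature complaint further down the thread) comes down to two checks a firewall, or an admin, can run before enforcing a country-based allow rule: is the GeoIP database fresh enough, and does my own management address still resolve to an allowed country under that database? The following is an added example and is not code from the thread, from Zyxel, or from the firmware. The table format, the function names (`GeoDB`, `vpn_allowed`, `preflight`), the 30-day freshness threshold and the sample prefixes are all assumptions; the prefixes are RFC 5737 documentation ranges and the country assignments are constructed to reproduce an operator moving a block between countries.

```python
# Added example (not code from the thread, Zyxel, or the firmware): a pre-flight
# check that reproduces the GeoIP lockout described above with constructed data.
# The database format, function names and sample prefixes are all assumptions.
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class GeoDB:
    """Minimal stand-in for a GeoIP database: a build date plus (prefix, country) rows."""
    build_date: date
    rows: tuple  # ((cidr, country_code), ...)

    def lookup(self, ip):
        """Longest-prefix match; None when the address is not in the table."""
        addr = ip_address(ip)
        best_len, best_cc = -1, None
        for cidr, cc in self.rows:
            net = ip_network(cidr)
            if addr in net and net.prefixlen > best_len:
                best_len, best_cc = net.prefixlen, cc
        return best_cc


# Constructed sample data using RFC 5737 documentation prefixes, not real allocations.
# In the stale DB 203.0.113.0/24 is still attributed to country "AT"; in the fresh DB
# the operator has moved it to "IT", which is the reassignment the post describes.
STALE_DB = GeoDB(date(2015, 9, 21), (("203.0.113.0/24", "AT"), ("198.51.100.0/24", "IT")))
FRESH_DB = GeoDB(date(2025, 3, 29), (("203.0.113.0/24", "IT"), ("198.51.100.0/24", "IT")))

ALLOWED_COUNTRIES = ("IT",)  # the "VPN only from my country" rule


def vpn_allowed(db, src_ip, allowed=ALLOWED_COUNTRIES):
    """The GeoIP allow rule as the firewall evaluates it against a given database."""
    return db.lookup(src_ip) in allowed


def preflight(db, admin_ip, today, allowed=ALLOWED_COUNTRIES, max_age_days=30):
    """Findings that should block enforcing the rule: a stale DB, or the admin's own
    source address not resolving to an allowed country (the chicken-and-egg lockout)."""
    findings = []
    age_days = (today - db.build_date).days
    if age_days > max_age_days:
        findings.append(f"GeoIP DB built {db.build_date} is {age_days} days old; refresh before enforcing")
    cc = db.lookup(admin_ip)
    if cc not in allowed:
        findings.append(f"admin source {admin_ip} resolves to {cc!r}, not in {allowed}; rule would lock you out")
    return findings


if __name__ == "__main__":
    me, today = "203.0.113.10", date(2025, 3, 29)
    for name, db in (("stale", STALE_DB), ("fresh", FRESH_DB)):
        print(f"{name}: allowed={vpn_allowed(db, me)} findings={preflight(db, me, today)}")
```

Against the stale database the same source address is denied and both findings fire; against the fresh one the rule allows it and `preflight` returns nothing. Running a check like this after the boot-time (or post-upgrade) database refresh, rather than enforcing the rule straight from the firmware's bundled table, is the practical content of the feature request.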

All Replies

  • lalaland Posts: 91  Ally Member

    The GeoIP database doesn't change frequently.
    If an update were triggered every time the system boots up, wouldn't it keep the system busy?

  • mMontana Posts: 1,389  Guru Member

    AFAIK there's a comparison between the stored one and the available one. Only after "acknowledging" a fresher DB should the download happen.

    The GeoIP DB is stored in the firmware.

  • Zyxel_Jeff Posts: 1,249  Zyxel Employee

    Hi @mMontana

    Many thanks for your valued suggestion. Currently, GeoIP is a database-based design and can be updated manually or on a weekly schedule.


    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • mMontana Posts: 1,389  Guru Member

    In this specific case, auto update was set up.

    However, since the connection was not allowed due to the old GeoIP DB, I was not able to update manually.

    The usual chicken-and-egg problem, unfortunately.

  • Zyxel_Jeff Posts: 1,249  Zyxel Employee

    OK, noted it. Thank you for your update.


  • Mario Posts: 106  Ally Member

    @mMontana

    I understand your point.
    An up-to-date version of all signatures should be supplied with at least every firmware release!
    After an update I always run an update of all signatures to reduce the attack surface.
    The firmware 5.73.2 from today delivers signatures from November 2023 😒

  • c777 Posts: 11

    Hello,

    With a usg20w-vpn, I had 1 to 2 updates per week. But since March 11, nothing.

    Personally, I would have set up a daily schedule, even if the updates were happening once a week.

  • mMontana Posts: 1,389  Guru Member

    Today I updated the DB, and now it's 29/03 (29th of March).

  • Zyxel_Jeff Posts: 1,249  Zyxel Employee

    Hi @mMontana

    OK, thank you for your update.


  • mMontana Posts: 1,389  Guru Member

    UP!

    As far as I can see, ZLD 5.39 has been delivered with… a 20150921 GeoIP database in the firmware. I'm expecting at least that the IP table is updated with every new firmware release…
