EBL USG FLEX - whether it works properly

HUBERTKASPRZAK
HUBERTKASPRZAK Posts: 8  Freshman Member
First Comment
  • Hello, EBL in the H series has a problem with long txt files. I received new firmware, I'm testing it, and I'm wondering if EBL should really work like that. After connecting the list, I hoped that the IP addresses from the list would be blocked similarly to security rules, and it works as follows: it passes the address through an open port and then blocks it, informing about the event in Reputation Filter -> Event Category -> External Block List.
  • There are no advantages to using EBL

Accepted Solution

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,526  Zyxel Employee
    Answer ✓

    Hi @HUBERTKASPRZAK ,

    Great to hear that EBL is working for you!

    Currently, EBL rules apply to both incoming and outgoing connections. If you'd like more control over your connections, we recommend managing the EBL rules manually.


All Replies

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,526  Zyxel Employee

    Hi @HUBERTKASPRZAK ,

    "and it works as follows: it passes the address through an open port and then blocks it, informing about the event in Reputation Filter -> Event Category -> External Block List."

    Are you saying that the H firewall is currently functioning this way, and you believe it’s incorrect?

    To better assist you, could you please provide the following information:

    • The model name and firmware version of your H firewall
    • Your EBL long text file

    We’ll then attempt to reproduce the issue and determine the next steps.


  • HUBERTKASPRZAK
    HUBERTKASPRZAK Posts: 8  Freshman Member
    First Comment

    USG FLEX 200H, firmware 1.21(ABWV.0)C0 from 22/07/2024: EBL will not work as described at https://community.zyxel.com/en/discussion/22819/usg-flex-h-series-external-block-list, as well as the txt file https://lists.blocklist.de/lists/all.txt. I am now testing version V1.21(ABWV.0)ITS-24WK35-0828-240801545, on which EBL file.txt works. I was careful that if I connect the EBL list, it will block all addresses without passing it. A good solution would be for the user to be able to indicate the operation of the list on an incoming or outgoing connection. An incident from today: someone reported a Microsoft server to EBL, and I had 700 instances in the Reputation Filter blocking connections to the update server.

  • HUBERT_KASPRZAK
    HUBERT_KASPRZAK Posts: 7  Freshman Member
    First Comment

    EBL can be managed manually. I expect that if I use a list, the addresses on it are not allowed by the device and the behavior is similar to the control principle. I don't see such a setting, and a person who is on the blacklist gets a rejection instead of a refusal, which causes frequent attempts to further establish a connection with the device. Similarly, you need the ability to set the list to work only for incoming connections for 1 month. The Google and Microsoft addresses were entered 3 times, which resulted in hundreds of IP reputation hits.
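
Added example (not from any poster in this thread and not Zyxel code): one way to guard against the incident described above, where addresses of a needed service land on a public list, is to vet the feed against networks that must stay reachable before hosting the filtered file as the EBL source. The function name, the sample feed and the allow networks are constructed for illustration (documentation address ranges), and the one-entry-per-line format with optional CIDR entries is an assumption.

```python
import ipaddress

# Constructed sample feed: documentation ranges stand in for real addresses.
SAMPLE_FEED = """\
# constructed sample feed, one entry per line
198.51.100.7
203.0.113.45
203.0.113.45
192.0.2.10
2001:db8:1::5
2001:db8:ffff::1
198.51.100.0/24
not-an-ip
"""
# Hypothetical networks that must never be blocked (e.g. update servers).
SAMPLE_ALLOW = ["192.0.2.0/24", "2001:db8:1::/48", "198.51.100.7/32"]


def vet_blocklist(feed_text, allow_cidrs):
    """Split a block list into (kept, dropped, invalid).

    dropped holds (entry, matching allow network) pairs for review.
    """
    allow = [ipaddress.ip_network(c) for c in allow_cidrs]
    kept, dropped, invalid, seen = [], [], [], set()
    for raw in feed_text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # ignore comments and blanks
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            invalid.append(entry)  # never pass unparsed text to the firewall
            continue
        if net in seen:  # de-duplicate repeated feed entries
            continue
        seen.add(net)
        shown = str(net.network_address) if net.num_addresses == 1 else str(net)
        # overlaps() catches an allowed host on the feed and also a feed
        # range that would swallow an allowed host.
        hit = next((a for a in allow
                    if a.version == net.version and a.overlaps(net)), None)
        if hit is None:
            kept.append(shown)
        else:
            dropped.append((shown, str(hit)))
    return kept, dropped, invalid


if __name__ == "__main__":
    kept, dropped, invalid = vet_blocklist(SAMPLE_FEED, SAMPLE_ALLOW)
    print("\n".join(kept))
```

Reviewing the dropped pairs before each refresh also shows when a feed has started listing a service the network depends on.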