EBL USG FLEX - whether it works properly
- Hello, EBL in the H series has a problem with long txt files, I received new firmware, I'm testing it and I'm wondering if EBL should really work like that. After connecting the list, I hoped that the IP addresses from the list would be blocked similarly to security rules, and it works as follows: it passes the address through an open port and then blocks it, informing about the event in Reputation Filter -> Event Category -> External Block List.
- There are no advantages to using EBL
Accepted Solution
-
Hi @HUBERTKASPRZAK ,
Great to hear that EBL is working for you!
Currently, EBL rules apply to both incoming and outgoing connections. If you'd like more control over your connections, we recommend managing the EBL rules manually.
Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP!
0
All Replies
-
Hi @HUBERTKASPRZAK ,
and it works as follows: it passes the address through an open port and then blocks it, informing about the event in Reputation Filter -> Event Category -> External Block List.
Are you saying that the H firewall is currently functioning this way, and you believe it’s incorrect?
To better assist you, could you please provide the following information:
- The model name and firmware version of your H firewall
- Your EBL long text file
We’ll then attempt to reproduce the issue and determine the next steps.
Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP!
0 -
USG FLEX 200H Firmware 1.21(ABWV.0)C0 from 22/07/2024 will not work EBL as described https://community.zyxel.com/en/discussion/22819/usg-flex-h-series-external-block-list as well as the txt file https://lists.blocklist.de/lists/all.txt. I am now testing version V1.21(ABWV.0)ITS-24WK35-0828-240801545 on which EBL file.txt works. I was careful that if I connect the EBL list, it will block all addresses without passing it, a good solution would be for the user to be able to indicate the operation of the list on an incoming or outgoing connection. An incident from today, someone reported a Microsoft server to EBL, I had 700 instances in the Reputation Filter blocking connections to the update server
0 -
Hi @HUBERTKASPRZAK ,
Great to hear that EBL is working for you!
Currently, EBL rules apply to both incoming and outgoing connections. If you'd like more control over your connections, we recommend managing the EBL rules manually.
Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP!
0 -
EBL can be managed manually, I expect that if I use a list, the addresses on it are not allowed by the device and the behavior is similar to the control principle. I don't see such a setting, and a person who is on the blacklist gets a rejection instead of a refusal. Which causes frequent attempts to further establish a connection with the device.Similarly, you need the ability to set the list to work only for incoming connections for 1 month. The Google and Microsoft addresses were entered 3 times, which resulted in hundreds of IP reputation hits.
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight