Feature suggest: update GeoIP DB at boot for firewall
This is what happened to me…
My ISP is a phone provider operating in more than one country. Mobile and not. Currently is offloading some public IPv4 addresses frome one country to mine, and now I'm connected with one of "another country", now provided to mine.
I updated firmware in some appliances.
Some of the rules are for allowing VPN access only from my country.
After reboot, GEOip rules blocked me to access to the device.
This lead to unwanted behaviour: firewall working but blocking (instead of useful) GeoIP firewall rule.
This also could happen simply rebooting the device: GeoIP db provided with the firmware is dated… as firmware pack (not even release)
IVMHO, within 5/10 minutes from boot time, Firewall should automatically trigger GEOip db update. This could solve the issue in a "clean" and managable way. Packing firmware still with (or without) a GeoIP db available.
All Replies
-
The GEO IP database doesn't undergo frequent changes.
If triggered for an update every time the system boots up, wouldn't it cause system busyness?0 -
AFAIK there's a compare between the one stored and the one available. Only after "acknowledgin" a fresher DB, should the download happen.
GEO Ip db is stored into firmware.
0 -
Hi @mMontana
Many thanks for your valued suggestion. Currently, the Geo IP is database-based designment and can update it manually or weekly schedule.
Don't miss this great chance to upgrade your Nebula org. for free! https://bit.ly/4g2pS9L
0 -
In the specific case, auto update was setup.
However, without allowance to connection due to old geoip DB, i was not able to update manually.
Usual chicken/egg problem unfortunate.
0 -
OK, noted it. Thank you for your update.
Don't miss this great chance to upgrade your Nebula org. for free! https://bit.ly/4g2pS9L
0 -
I understand your point.
an up-to-date version of all signatures should be supplied with at least every firmware release!
after an update i always run an update of all signatures to reduce the attack surface.
the firmware 5.73.2 from today delivers signatures from november 2023 😒0 -
Hello,
With a usg20w-vpn, I had 1 to 2 updates per week. But since March 11, nothing.
Personally, I would have set up a daily schedule, even if the updates were happening once a week.
0 -
Today I updated the DB. And now it's 29/03 (29th of march)
1 -
Hi @mMontana
OK, thank you for your update.
Don't miss this great chance to upgrade your Nebula org. for free! https://bit.ly/4g2pS9L
0 -
UP!
As far as i can see, ZLD 5.39 has been delivered with… 20150921 GeoIP database into firmware. I'm expecting at least than is updated the IP table within any firmware new release…
0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 218 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 245 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3.1K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight