On site reputation filter allow list only

PeterUK
edited December 2025 in Security Ideas

So here's the thing: I can't use the reputation filter due to a problem with FLEX connecting to the servers (routing Zywall out a given WAN if you have more than one) to check. But at the same time, what if you want to fully control what is allowed and what's not? Sure, you could add an option to check Allow List only, but what if you have like 600, like I do with FQDN, which has caused a ping problem which may or may not be solvable? Still hope it can be.

Then I had this idea: the reputation filter goes off to check by your server whether it is safe or not, so why not an option to connect to an on-site server by HTTP/HTTPS to check a file by our allowed list?

So really it would need to be a database query, so a simple server software that Zyxel could do to act as the on-site reputation filter would be needed.


Comments

  • Zulgrib

    If you need a DNS allow list, maybe dnsmasq could be a better solution.

    The firewall could filter outgoing DNS requests to force users to use your dnsmasq server.

  • PeterUK

    I currently run bind for DNS and I want the DNS to be free but then limited by the FLEX H. It could use the URL scanning on HTTPS for the allow list, and Entry Defense Pack for this would get my attention. Currently using FQDN for the allow list but run into ping spike problems.

  • Zulgrib
    edited December 2025

    I have a setup where depending on the source VLAN, different dnsmasq servers are allowed. One is allowlist only, the other is free + managing internal domain forwarding (yes, you can forward domains on the USG, with limitations I sadly hit). You allow which address can contact which DNS with the USG filtering rules.

    Filtering HTTP(S) and not DNS will allow bypassing your filtering.
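The allow-list-only dnsmasq resolver described in the comment above, as an added example that is not part of the thread and not Zulgrib's or Zyxel's configuration: a generator that turns an FQDN allow list into per-domain `server=` lines with `no-resolv`, so dnsmasq has no upstream for any other name. The domain names and the upstream address `192.0.2.53` are constructed placeholders, and the firewall is assumed to block client DNS to any other resolver.

```python
import re

# Constructed sample allow list (placeholders, not taken from the thread).
ALLOW_LIST = ["example.com", "updates.example.net", "Example.ORG."]
# Assumed address of the existing recursive resolver (for instance a bind server).
UPSTREAM = "192.0.2.53"

# One DNS label: 1-63 chars of a-z, 0-9, '-', not starting or ending with '-'.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize(fqdn):
    """Lower-case, strip the trailing dot, and reject malformed names."""
    name = fqdn.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2 or not all(_LABEL.match(l) for l in labels):
        raise ValueError(f"not a valid FQDN: {fqdn!r}")
    return name


def render_dnsmasq(allow_list, upstream):
    """Return dnsmasq config text that forwards only allow-listed domains."""
    names = sorted({normalize(n) for n in allow_list})  # dedupe, stable order
    lines = [
        "# generated: allow-list-only resolver",
        "no-resolv",  # ignore /etc/resolv.conf, so there is no default upstream
    ]
    # server=/domain/ip forwards that domain and all of its subdomains.
    lines += [f"server=/{n}/{upstream}" for n in names]
    return "\n".join(lines) + "\n"


def would_forward(qname, allow_list):
    """Mirror the server=/domain/ match: the name itself or any subdomain."""
    q = normalize(qname)
    return any(q == n or q.endswith("." + n) for n in map(normalize, allow_list))


if __name__ == "__main__":
    print(render_dnsmasq(ALLOW_LIST, UPSTREAM), end="")
    for probe in ("www.example.com", "notexample.com", "example.com.evil.test"):
        print(probe, "->", "forward" if would_forward(probe, ALLOW_LIST) else "no upstream")
```

Because `server=/example.com/...` also covers every subdomain, an entry is broader than a single host name; list the most specific name that is actually needed.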

  • PeterUK
    edited December 2025

    I wish for the USG to do the job of being the control, Zulgrib. We have all these filters to block, but not to allow what's needed.