Use External Block List only option

Options
PeterUK
PeterUK Posts: 4,335 image  Guru Member
250 Answers 2500 Comments Friend Collector Eighth Anniversary
in Security Ideas

Very simple really a option to use only External Block List for IP Reputation filter

4
Up Down
4 votes

Active · Last Updated

Comments

  • Zulgrib
    Zulgrib Posts: 48 image  Freshman Member
    First Answer First Comment Friend Collector Fifth Anniversary

    Make it per filter rule and not global please.

    Good idea for compliance.

  • Zyxel_Tina
    Zyxel_Tina Posts: 523 image  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Switch 100 Answers 500 Comments

    Hi @PeterUK,

    To better understand your request, could you clarify if you mean enabling the External Block List for IP Reputation to work even when the main IP Reputation filter is disabled?

    Since some users may not have seen your previous comment in other threads, to help everyone understand the purpose of this request, could you please share more details here? It would also help if you could share the motivation or use case behind this—any details on your scenario would assist us in evaluating this feature request.

    Zyxel Tina

  • PeterUK
    PeterUK Posts: 4,335 image  Guru Member
    250 Answers 2500 Comments Friend Collector Eighth Anniversary

    hi Tina

    Yes that would be one way or the option in main IP Reputation filter with it enabled and only to use the External Block List but your suggested way might be better.

    From what I know the main IP Reputation filter query the cloud and caches the if it should be allowed or not but with External Block List when you download the list is it on the USG or does it upload to the cloud for offload if its a big list?

  • Zyxel_Tina
    Zyxel_Tina Posts: 523 image  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Switch 100 Answers 500 Comments

    Hi @PeterUK,

    Thank you for your feedback! We will be monitoring the votes and comments as part of our evaluation process.

    To answer your question about where the data resides: The IP Reputation filter queries the cloud and stores the signature locally on the device. Also, once you update the External Block List, the list is downloaded to the device's local memory but will not be uploaded to the cloud for offloading. The USG FLEX H handles the filtering locally based on the downloaded entries.

    Zyxel Tina

  • Zyxel_Tina
    Zyxel_Tina Posts: 523 image  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Switch 100 Answers 500 Comments

    Hi @PeterUK,

    Regarding the request to use only the External Block List as the filter while IP Reputation is disabled, please note that IP Reputation and its External Block List are designed as licensed security services—they cannot be used independently.

    As a workaround, please set the IP Reputation action to Pass, then enable the External Block List. This lets you use only your custom External Block List to detect malicious IPs, bypassing the main reputation filter's blocking.

    image.png image.png

    Thank you for your understanding!

    Zyxel Tina

  • PeterUK
    PeterUK Posts: 4,335 image  Guru Member
    250 Answers 2500 Comments Friend Collector Eighth Anniversary
    edited January 8

    Understood about the license Tina

    But the workaround (not tried yet but sure it works) seems confusing that by saying action to Pass would seem it pass all including External Block List.

    Could this be improved such that there is a option showing “Action for External Block List”.

    Thanks

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)