External Dynamic Lists for Rules

I have seen a few others on reddit and other public forums discussing this. I come from Palo Alto firewalls and I'm used to building policies for some things using an EDL (External Dynamic List).

One primary use case for this is to specifically deny Tor exit nodes for all my inbound policies, including the block sites list. I can copy the Tor feed, but it updates and is dynamic. There are also many other EDL use cases for hooking into various kinds of feeds. I do already have it set to temporarily block unhandled packets and that is good. But I want it where my webservers/ftp etc. are blocked from these nodes, as our business doesn't require any Tor-based traffic.

Some examples of what you can do -

Example 1

Example 2

Similar request on Reddit
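As an added illustration of what an EDL actually does for a deny policy (example code written for this thread, not WatchGuard's or Palo Alto's; the feed text is constructed, not a real Tor exit list), this parses a one-entry-per-line feed, shows what changes between two refreshes, and checks an inbound source address against the current list:

```python
"""Minimal model of an External Dynamic List (EDL) used as a deny source."""
import ipaddress


def parse_edl(feed_text: str) -> set:
    """Parse a one-entry-per-line feed into a set of IP networks.

    Blank lines and '#' comments are skipped; unparsable entries are dropped
    so a single bad line cannot invalidate the whole list. Bare addresses
    become /32 (or /128) networks.
    """
    nets = set()
    for line in feed_text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.add(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue
    return nets


def refresh_edl(current: set, feed_text: str) -> tuple:
    """Return (new_set, added, removed) for a scheduled feed refresh.

    This is the part a static copy of the feed never gives you: the list
    changes between fetches, and entries that drop off must stop matching.
    """
    new = parse_edl(feed_text)
    return new, new - current, current - new


def is_denied(src_ip: str, deny_nets: set) -> bool:
    """True if the inbound source address falls inside any listed network."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in deny_nets)


# Constructed sample feeds (RFC 5737 documentation ranges, not real nodes).
FEED_V1 = """# constructed sample
192.0.2.10
192.0.2.0/28  # covers 192.0.2.0-15
198.51.100.7
not-an-ip
"""
FEED_V2 = """192.0.2.10
203.0.113.0/24
"""
```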

Comments

  • james.carson Moderator, WatchGuard Representative

    Hi @AschildmeyerSTR
    If you're looking to block TOR specifically, I'd suggest checking out Application Control feature, which has definitions for it.

    There is an existing open feature request for a feature like this. The request ID is FBX-17962. If you'd like to follow it, please open a support case and mention FBX-17962 somewhere in the case description. The technician can set the case up to track that for you.

    Thank you,

    -James Carson
    WatchGuard Customer Support

  • @James_Carson said:
    Hi @AschildmeyerSTR
    If you're looking to block TOR specifically, I'd suggest checking out Application Control feature, which has definitions for it.

    There is an existing open feature request for a feature like this. The request ID is FBX-17962. If you'd like to follow it, please open a support case and mention FBX-17962 somewhere in the case description. The technician can set the case up to track that for you.

    Thank you,

    Thanks again James. Yeah, I have the outbound rules for it and they do work from client to internet. My big thing is I need them on inbound traffic to FTP/Web/VPN etc. We've had a few incidents in the past with Tor exit nodes and we just want them blocked from seeing us altogether.

    I'll for sure sign up to follow that feature.

    Adam

  • Just to hijack this thread, and apologies for mentioning another vendor; Fortinet have a similar feature with their appliances where you can pick and choose dynamic list services to allow/deny or monitor.

    Having something similar on the WG side would be very beneficial.

    Understand the Application Control side, but you can only use this for Outbound traffic leaving your internal network, not for Incoming Traffic to the Firebox.

  • james.carson Moderator, WatchGuard Representative

    Hi @DaveDave

    Application Control can be used in both directions, there's no limitation on that.

    If this feature would be beneficial for you, I'd suggest opening a support case and mentioning that feature request ID (FBX-17962.) That will track it for you automatically, and also add another interested party/case linked to that request in our system.

    -James Carson
    WatchGuard Customer Support
