Options
Permanently Blocked Site List
Hi
Are the IP ranges of blocked addresses kept up to date by Watchguard?
Today I have had to add an exception for a site that was in quite a large block of denied addresses
thanks
Tess
0
Best Answer
-
Options
WG has a Botnet feature which blocks access to/from IP addrs in their managed list.
You can find lists of Botnet IP addrs on the Internet
0
Sign In to comment.
Answers
Exactly what blocked addresses are you asking about
The list of Statically blocked IP addresses in WSM
Those are added by you
Default Packet Handling -> Blocked Sites
I certainly havent manually added the addresses, some of them are quite big ranges that i wouldnt add. I may have added single addresses to the block.
The WSM shows that the triggering source is 'configuration'.
Does that mean that they have been blocked at one time by a site one way or another trying to force access?
How am i supposed to evaluate what is added to save sites being blocked unnecessarily
Where are you seeing these?
Firebox System Manager -> Blocked Sites ?
Yes
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/system_status/stats_blocked_sites_web.html
It is these that i am talking about:-
Blocked sites with a Reason of Static Blocked IP, and an Expiration of Never Expire are permanently blocked. You cannot delete or edit a permanently blocked site from this page.
Are you saying that i added everything in this list.
I have had the firebox for many years and i'm pretty sure i havent added all these addresses.
What is the best practice for keeping these up to date. Should I from time to time delete all entries and let the Firebox re-add them?
Yes, that is what I am saying
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/intrusionprevention/blocked_sites_about_c.html
Hi Bruce. I understand how to setup the auto-block IPs attempting to connected to blocked ports.
What i cant figure out is how I know if the permanently blocked IPs in the list are out of date and need to be removed.
Would you recommend a clean slate approach or is there a list of sites that Watchguard deems to be insecure that I can import?
You added them for whatever reason.
You can add comments to an entry to say why you added it and when.
I do
yes I have added comments the ones that I manually added, it is the ones that were auto added that i wasnt sure about
I am not aware of any WG list like that.
Oh dear. I think I may have lots of permanently blocked sites that are no longer needed.
I will have a review of them.
Does Watchguard provide a list of sites that they recommend should be permanently blocked?
I seem to remember importing a list way back, in fact, i have just found the list. It possibly wasn't an official list, it is from 2017!!