Are the IP ranges of blocked addresses kept up to date by WatchGuard?
Today I have had to add an exception for a site that was in quite a large block of denied addresses.
WG has a Botnet feature which blocks access to/from IP addrs in their managed list.
You can find lists of Botnet IP addrs on the Internet.
Exactly what blocked addresses are you asking about?
The list of Statically blocked IP addresses in WSM.
Those are added by you.
Default Packet Handling -> Blocked Sites
I certainly haven't manually added the addresses; some of them are quite big ranges that I wouldn't add. I may have added single addresses to the block.
The WSM shows that the triggering source is 'configuration'.
Does that mean that they have been blocked at one time by a site one way or another trying to force access?
How am I supposed to evaluate what is added to save sites being blocked unnecessarily?
Where are you seeing these?
Firebox System Manager -> Blocked Sites?
It is these that I am talking about:
Blocked sites with a Reason of Static Blocked IP, and an Expiration of Never Expire are permanently blocked. You cannot delete or edit a permanently blocked site from this page.
Are you saying that I added everything in this list?
I have had the Firebox for many years and I'm pretty sure I haven't added all these addresses.
What is the best practice for keeping these up to date? Should I from time to time delete all entries and let the Firebox re-add them?
Yes, that is what I am saying https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/intrusionprevention/blocked_sites_about_c.html
Hi Bruce. I understand how to set up the auto-block of IPs attempting to connect to blocked ports.
What I can't figure out is how I know if the permanently blocked IPs in the list are out of date and need to be removed.
Would you recommend a clean slate approach or is there a list of sites that WatchGuard deems to be insecure that I can import?
You added them for whatever reason.
You can add comments to an entry to say why you added it and when.
Yes, I have added comments to the ones that I manually added; it is the ones that were auto-added that I wasn't sure about.
I am not aware of any WG list like that.
Oh dear. I think I may have lots of permanently blocked sites that are no longer needed.
I will have a review of them.
Does WatchGuard provide a list of sites that they recommend should be permanently blocked?
I seem to remember importing a list way back; in fact, I have just found the list. It possibly wasn't an official list, it is from 2017!!