WSM to manage blocked sites and allow Managed Fireboxes to CLI/API for Blocked Sites

WSM does not currently manage blocked sites, but it would be great if it did. Typically, if you want to block a site/IP, you probably want to do it for the entire organization, not just a firewall at a time. Also, some 3rd party security partners could take advantage of semiautomated blocking by CLI/API, but as it stands today, CLI cannot be used if the unit is managed by WSM.

In general, I'd like to see all possibles thing that could be managed by WSM available, like Blocked Sites.

Please let me know your thoughts.

thx.

Answers

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Logan5
    I'd suggest looking into WatchGuard cloud. There are some API functions that might be what you're looking for.

    Blocked sites via CLI are intentionally per-firewall only.

    -James Carson
    WatchGuard Customer Support

  • I support this proposal, and expand it to include management by Dimension.

    There is sometimes a discrepancy between how Weblocker tags a site and its actual behaviour. In our case, there are sites categorised as an allowed category, but are actually behaving like Web Analytics (not allowed here). So we add them to the blocked sites list.

    There are also IP addresses that are consistently trying to enter our network, so we add these to the blocked list on the forward Firebox. This reduces the load on the other Fireboxes that are behind the forward Firebox.

    I don't have 40+ Fireboxes, but I do have a modest number of Fireboxes that are logically kept separate. So it takes time to move copies of Blocked Address lists between these fireboxes.

    Adrian from Australia

Sign In to comment.