Hi there, I work for a medium sized business and we use an SG310 running UTM 9.5. Lately we've had lots of complaints that customers are getting a forbidden error when trying to access our website. When I go into the log, they're all getting blocked due to poor reputation. For a few users that I've interacted with, granting their wan IP an exception to "Block clients with bad reputation" fixed the issue.
However, this is happening more and more and I'm honestly not happy with the RBL our Sophos is currently using. TONS of false positives. Could I get some advice?
1. Where do I go to change which RBL it uses for the reputation check on the WAF?
2. Do you guys have a recommended RBL?
3. Is turning the reputation check off altogether a bad idea?
Thanks,
Dan
This thread was automatically locked due to age.
