Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 3 replies
  • Subscribers 41 subscribers
  • Views 1838 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

mass-add & update IPs via API

mouk

Hi,

We have a daily updated list with many (varying between 50.000 and 60.000) IP addresses that we would like to 'blacklist' completely on our XG.

I am studying the API now, seems ti could do the job. But I would like to ask here for some feedback first.

What would be the best way to define those addresses in XG? I have seen the "IP host" def, that has a "IP list" type. But it is maximised to only 1000 IPs. :-(

I could add multiple IP host entries, each with 1000 IPs, but that would fill up many XG Hosts/Services pages with entries like blocked_iplist_1, blocked_iplist_2, etc.

So: what would be the best way to mass-block many IPs, update them daily, preferably using the API, and causing the least amount of 'pollution' in the regular XG web gui...?

Suggestions?



This thread was automatically locked due to age.
  • 0

    Hi,

    you could probably simplify your requirements by using a country blocking rule at the top of your firewall list.

    The assumption is your are trying to block outgoing, because incoming have to hit the firewall before they can be blocked?

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    That would assume that those IPs would belong (mostly) to a country..? Or is there a way in XG to define a 'custom country', name the country 'large_list_of_IPs', and add my IPs to that country definition..?

    I am simply trying to block all comms from those IPs, much like this:

    https://github.com/trick77/ipset-blacklist

    Only then done directly on the XG.

  • 0 in reply to mouk

    If you check the physical address of some of those iP addresses you will find they come from specific countries so you can block that country and al its annoying IP addresses.

    The issue comes down to some annoying hackers user ASWS cserviers so you can't block them because you then block access to other friendly sites.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

Unfiltered HTML