Remote server content blocking

We’ve had the request to support an external server held content blocking list. The idea would be to have the router reach out to an external server periodically to update the list of blocked (or whitelisted) sites.

2 Likes

+1, we can use adblock / ublock style lists for this. Way easier to maintain.

1 Like

This would be great. In addition to benefiting from public curated lists (e.g. from ublock) for web blocking, companies would have more flexibility to automatically update their custom block list based on their own detected intrusions or exfiltration. If dynamic lists are available for inbound firewall rules too, it could help mitigate active DDoS attacks by automated detection and updating of the list.

Multiple companies could poll a list from a shared SOC vendor and benefit from early detection of new threats in their industry.

Palo Alto supports external dynamic lists (EDL), which can be added to the source or destination side of a firewall block rule. The external list is configured as a URL to fetch from at a set update interval. More info:
URL Filtering - Dynamic Block List - Palo Alto Networks

Fortinet implements the same feature with “threat feeds”:
External Block List (Threat Feed) – Policy | Fortinet Document Library

2 Likes
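Added example, not part of any post in this thread and not Palo Alto's or Fortinet's implementation: a sketch of the router-side handling a periodically fetched block list needs, namely validating each entry, refusing entries broad enough to block everything, and keeping the last known-good list when a fetch fails or returns nothing usable. The feed format (one IP, CIDR or domain per line, `#` comments), the prefix limits and all function names are assumptions.

```python
import ipaddress
import re

# Constructed sample feed body; a real router would fetch this text over HTTPS.
SAMPLE_FEED = """\
203.0.113.7
198.51.100.0/24
bad.example.net   # inline comment
0.0.0.0/0
not a valid entry!!
2001:db8::/32
"""

DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
MIN_PREFIX = {4: 8, 6: 16}  # assumed policy: refuse entries broader than /8 (v4) or /16 (v6)

def parse_feed(text):
    """Return (networks, domains, rejected_lines) for a one-entry-per-line feed."""
    networks, domains, rejected = set(), set(), []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip().lower()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            if DOMAIN_RE.match(entry):
                domains.add(entry)
            else:
                rejected.append(raw)
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            rejected.append(raw)  # too broad: one bad line must not block everything
        else:
            networks.add(net)
    return networks, domains, rejected

def refresh(active, fetched_text):
    """Keep the last known-good list when a fetch failed (None) or yields nothing usable."""
    networks, domains, _ = parse_feed(fetched_text or "")
    return (networks, domains) if networks or domains else active

def is_blocked(active, host):
    networks, domains = active
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:  # not an IP literal, so match as a domain or subdomain
        host = host.lower().rstrip(".")
        return any(host == d or host.endswith("." + d) for d in domains)
    return any(addr in n for n in networks)
```

The rejected lines returned by `parse_feed` are worth logging on every refresh, since a sudden jump in rejects is an early sign that the feed source has been misconfigured or tampered with.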

Great suggestion Topher, this could be particularly helpful for our first responder customers.

2 Likes