Chapter 40 Reputation Filter
ZyWALL Series CLI Reference Guide
328
40.1.1 Signature Database Priority
The Zyxel Device checks the URL Threat Filter signature databases in the following order:
1. White List
2. Black List
3. External Black List
4. Local Signature Database
5. Cloud Query Cache
6. Cloud Query
The Zyxel Device checks the DNS Threat Filter signature databases in the following order:
1. White List
2. Black List
3. Local Signature Database
4. Cloud Query Cache
5. Cloud Query
40.2 IP Reputation Commands
The following table describes general IP reputation commands. You must use the configure
terminal
command to enter the configuration mode before you can use these commands.
Table 176 IP Reputation Commands
COMMAND DESCRIPTION
[no] security-service ip-
reputation activate
Enables the IP reputation filtering service on the Zyxel Device.
The no command disables the IP reputation filtering service.
show security-service
status
Displays whether security services such as IP reputation filtering are
enabled on the Zyxel Device.
ip-reputation action {block
| pass}
Sets what action the Zyxel Device takes when a packet arrives from an IPv4
address with a bad reputation.
pass: The Zyxel Device allows the packet to go through.
block: The Zyxel Device denies the packet, and then sends a TCP RST to
both the packet sender and receiver.
ip-reputation action-level
{high | medium | low}
Sets the threshold threat level to which the Zyxel Device will take action
(high, medium, and low).
The threat level is determined by the IP reputation engine. which grades
IPv4 addresses.
• high: An IPv4 address that scores 0 to 20 points.
• medium: An IPv4 address that scores 0-60 points.
• low: An IPv4 address that scores 0-80 points.
[no] ip-reputation log
[alert]
The Zyxel Device creates a log message and sends an optional alert when
packets arrive from an IPv4 address with a bad reputation.
[no] ip-reputation log-all
The Zyxel Device creates a log message each time an IPv4 address is
scanned using IP reputation.
show ip-reputation status
Displays the action and log settings for IP reputation.
show ip-reputation
signatures date
Displays the date and time the signature set was released.
To Next Page
Loading...
