Block IPs using Blacklist/Blocklist Service
Support the use of blacklists/blocklists. Note that this feature was requested at the link below and apparently Sophos thought that ATP would satisfy the need; however, it does not provide the requested functionality. Therefore I am re-posting this as a new suggestion.
The old suggestion was marked as implemented by the ATP feature; however ATP is not what was wanted and generates too many false alerts. This is the prior feature request: http://feature.astaro.com/forums/17359-utm-formerly-asg-feature-requests/suggestions/1982075-network-security-block-malicious-botnet-bad-ip-s
Plain and simple: We want support for blocklists, such as those found here: https://www.iblocklist.com. I would also like to specify a blocklist per network. So for example my Guest Network could get one set of blocklists, and my Data LAN network would get a different set, and specific Host PCs could get other sets.
Network Engineer III
Sophos UTM Architect
Sophos VIP Partner
Any update to this feature?
Bendeguz Paksy commented
Is there no plan to implement this?
This is a significant gap in the capabilities of an otherwise fine piece of equipment.
Tell marketing that if this is not closed within the next few months, we're going to be shopping replacements for our UTMs.
Duncan Newell commented
Need a way to import a large number of IPs; this is required by lots of people.
Raising the request up again.
Still waiting. It's becoming silly...
After many years, this feature is still not implemented in a UTM while other free firewalls do it flawlessly.
I'm ready and willing to pay for a feature like this that others offer for free.
There are currently firewall vendors for which the block list is part of their product features. As admin of a firewall you should be able to create your own list and feed it to the firewall to drop the traffic, or use different vendors that have created their own lists. To name a few firewall companies: PAN, FTD, Fortinet, Checkpoint.
Tristen Robinson commented
Waiting for this desperately!!!
I've been desperately waiting for this for years. Every week I get portscanned, and the messages fill my inbox (Another issue Sophos needs to address). Also, I'm noticing I get "Webadmin webserver is not running" messages, and the UTM reboots IMMEDIATELY BEFORE a portscan. It would be nice to just block known hooligans. Why not? https://www.abuseipdb.com has a free API
Peter Evertz commented
Great idea and really missing! See also http://ideas.sophos.com/forums/17359-utm-formerly-asg-feature-requests/suggestions/5415110-global-bot-script-kiddie-brute-force-ip-blackl which has many votes.
It would be a great feature!
Adding customized and automatic updating IP blocklists is a very great idea.
Jim Dossey commented
Great idea! I would like to expand on this a bit. To make an "IP block list" now you have to create a Host definition in Network Definitions for each IP you want to block. Then you have to add each of those to a group. It would be much easier if we could create an "IP Group" and just add IPs to a list directly. Then we wouldn't need a Host definition for each IP address.
Yes, very nice. It would also be nice if we could use blocklists for NAT rules too.
Justin How commented