Reputation Filter blocks GMail?

itxncitxnc Member Posts: 46  Freshman Member

We're starting to roll out ATP's to larger SMBs with 400+ Mbps Internet. Have really enjoyed setting them up and watching how they perform.

That said - the IP Reputation Phishing filter is pretty rough. We turned it on and saw tons of logs (Blocked Phishing) from desktops. Turns out the blocked IPs were Google IPs related to GMail and clients couldn't login properly (or render the full GMail interface). Yes - the IPs in question were listed on Maltiverse for Phishing, but seems like GMail's IP blocks would be pretty much whitelisted. So we turned off the Phishing & Anonymous Proxies check for now and we'll see how things progress.

Like SSL Inspection - we'll build up an exclusion list and see if we can tune them to allow these useful features to be enabled fully...

Comments

  • itxncitxnc Member Posts: 46  Freshman Member

    That said - if you aren't using Maltiverse to check IPs - really quick way to get access about IP addresses and some known threats. You can even cut/paste entire log file snippets into their threat analyzer and get quick run downs of the IPs in question:

    This was one of the IPs getting blocked repeatedly by the reputation filter - that belongs to Google/GMail.

  • Zyxel_EmilyZyxel_Emily Zyxel Official Agent Posts: 571  mod

    Hi @itxnc,

    The malicious IP 172.217.13.238 is submitted to cloud service white list for analysis.

    It may take 3~5 days to check this IP.

    After the reported malicious IP is verified, the IP 172.217.13.238 will be removed in the next signature release of IP reputation.

  • We are seeing the same thing with photos.google.com, news.google.com all blocked by IP Reputation. How do we submit the ips fro review?

  • Zyxel_EmilyZyxel_Emily Zyxel Official Agent Posts: 571  mod

    Hi @travisb,

    We are working on reviewing the IP addresses of Google services and we will add them to white list in the upcoming signature release.

    itxnc
  • We also had this issue today, reputation filter blocking pretty much all Google services.. docs, calendar, drive etc... of course all different IP addresses.

    Any update on when we might get the new signature release?

  • Zyxel_EmilyZyxel_Emily Zyxel Official Agent Posts: 571  mod

    Hi @itxnc,

    The IP 172.217.13.238 is added to white list and doesn't belong to phishing category.

    Update IP Reputation signature to the latest version and remove this IP from the white list.


    @travisb , @BSharp,

    For all other Google services, the new signature release which enhances this part will be available by Dec. 30th. 

    itxnc
  • IP Reputation Filter still blocking all google services (news,photos,drive,etc) using the following signatures. Tech support recommends unchecking phishing protection until issue is resolved.

    IP Reputation

    1.0.0.20200205.0

    2020-02-04 10:34:18 (UTC-08:00)

    2020-02-05 03:48:01

  • Zyxel_VicZyxel_Vic Zyxel Official Agent Posts: 149  mod

    Hi @travisb

    Would you share the IP address list that was blocked to us? We will compare with the cloud database and evaluate if we're going to add them into our signature database


    Thank you.

  • 172.217.14.238

    172.217.3.206

Sign In to comment.