Reputation Filter blocks GMail?

itxncitxnc Member Posts: 17  Freshman Member

We're starting to roll out ATP's to larger SMBs with 400+ Mbps Internet. Have really enjoyed setting them up and watching how they perform.

That said - the IP Reputation Phishing filter is pretty rough. We turned it on and saw tons of logs (Blocked Phishing) from desktops. Turns out the blocked IPs were Google IPs related to GMail and clients couldn't login properly (or render the full GMail interface). Yes - the IPs in question were listed on Maltiverse for Phishing, but seems like GMail's IP blocks would be pretty much whitelisted. So we turned off the Phishing & Anonymous Proxies check for now and we'll see how things progress.

Like SSL Inspection - we'll build up an exclusion list and see if we can tune them to allow these useful features to be enabled fully...

Comments

  • itxncitxnc Member Posts: 17  Freshman Member

    That said - if you aren't using Maltiverse to check IPs - really quick way to get access about IP addresses and some known threats. You can even cut/paste entire log file snippets into their threat analyzer and get quick run downs of the IPs in question:

    This was one of the IPs getting blocked repeatedly by the reputation filter - that belongs to Google/GMail.

  • Zyxel_EmilyZyxel_Emily Zyxel Official Agent Posts: 477  mod

    Hi @itxnc,

    The malicious IP 172.217.13.238 is submitted to cloud service white list for analysis.

    It may take 3~5 days to check this IP.

    After the reported malicious IP is verified, the IP 172.217.13.238 will be removed in the next signature release of IP reputation.

  • We are seeing the same thing with photos.google.com, news.google.com all blocked by IP Reputation. How do we submit the ips fro review?

  • Zyxel_EmilyZyxel_Emily Zyxel Official Agent Posts: 477  mod

    Hi @travisb,

    We are working on reviewing the IP addresses of Google services and we will add them to white list in the upcoming signature release.

    itxnc
Sign In to comment.