topic Re: Regarding EDL domain list which is not working. in General Topics

Regarding EDL domain list which is not working.

Vijaygvasan — Tue, 07 Sep 2021 12:53:24 GMT

Hi Team,

I have a query where i need to block domain based malicious domains to be blocked with regards to EDL which we have internally.

I have called the EDL over the Application/URL category of the policy which has the EDL name which consist of certain number of malicious domains which need to be denied.

For this i had not seen any hit counts to be appeared or im not sure if its working.

I need to know how to block or deny malicious domains based upon the EDL.

For this do we need to enable decryption?

Re: Regarding EDL domain list which is not working.

LAYER_8 — Tue, 07 Sep 2021 15:38:45 GMT

If the DNS requests are being parsed through HTTPS, then yes, you will need decryption enabled. Most browsers default to DoH these days, so you may want to convince SysAdmin to disable.

Please also see this thread for wildcard / domain formatting, which may also be causing issues.

Re: Regarding EDL domain list which is not working.

BPry — Tue, 07 Sep 2021 17:21:39 GMT

@Vijaygvasan,

When you setup the EDL did you set the type to URL or domain? Formatting can also be a major issue if this is the first time you are attempting to use an EDL, so make sure its formatted correctly.

You actually don't need decryption to be able to block domains, but you do have to be mindful of what the firewall will actually see when looking at the traffic. Without decryption you'll only be able to see the domain as presented unencrypted in the handshake.