Regarding EDL domain list which is not working.


L3 Networker

Hi Team,

 

I have a query where I need to block malicious domains based on an EDL which we have internally.

 

I have called the EDL over the Application/URL category of the policy, which has the EDL name, which consists of a certain number of malicious domains which need to be denied.

For this I had not seen any hit counts appear, or I'm not sure if it's working.

I need to know how to block or deny malicious domains based upon the EDL.

 

For this do we need to enable decryption?

 

2 REPLIES 2

L5 Sessionator

If the DNS requests are being parsed through HTTPS, then yes, you will need decryption enabled. Most browsers default to DoH these days, so you may want to convince the SysAdmin to disable it.

 

Please also see this thread for wildcard / domain formatting, which may also be causing issues. 

Help the community! Add tags & mark solutions please.

Cyber Elite

@Vijaygvasan,

When you set up the EDL did you set the type to URL or domain? Formatting can also be a major issue if this is the first time you are attempting to use an EDL, so make sure it's formatted correctly.

You actually don't need decryption to be able to block domains, but you do have to be mindful of what the firewall will actually see when looking at the traffic. Without decryption you'll only be able to see the domain as presented unencrypted in the handshake. 
