WatchGuard

Fireware Blocked Sites Import Installation

Apply KDC IOC lists through a controlled WatchGuard Firebox Blocked Sites import process.

IntegrationBlocked Sites Import AccessControlled export and operational procedure after approval
Controlled access

Apply to use KDC's secure feed infrastructure

KDC USOM Feed Service is available only to reviewed and approved organizations. After technical review and approval, the connection IP/FQDN, port, feed URLs, and vendor-specific values are delivered through a secure channel.

View the application process
1. Requirements

Before installation

Administrative accessFireware Web UI/Policy Manager or WatchGuard Cloud administrative access.
Source public IPThe actual public egress address used for feed access.
DNS and TLSThe KDC-provided FQDN and certificate chain must validate after approval.
Product eligibilityNote that Fireware documentation uses Blocked Sites import rather than a general-purpose native scheduled URL-pull threat-feed feature.
2. Integration method

Controlled Blocked Sites import

Official WatchGuard documentation does not describe a general-purpose native scheduled URL-pull feature equivalent to Palo Alto EDL or FortiGate External Feeds. This public guide therefore uses file import.

After KDC approval, a Fireware-compatible IP/FQDN export file is delivered through a secure channel. Automation requirements are assessed separately.

3. Import

Load the Blocked Sites list

  1. For a locally managed Firebox, open Setup → Default Threat Protection → Blocked Sites.
  2. Select Import.
  3. Choose the KDC-provided WatchGuard-compatible file.
  4. Review the entries and save the configuration.

For cloud-managed Fireboxes, use the Blocked Sites management and import option in WatchGuard Cloud.

4. Exceptions

Manage false positives with Blocked Sites Exceptions

Create a separate exception for critical services or validated false positives. Document device-side exceptions without modifying the source feed file.

5. Operations

Define the update procedure

  • Record the version and date of the KDC export.
  • Test each new list under change control.
  • Export or back up the current Blocked Sites list before import.
  • Review logs and exceptions after import.
6. Verification

Review Blocked Sites and logs

  • Verify the imported-entry count.
  • Check Blocked Sites under System Status or Live Status.
  • Review blocking logs and exception behavior.
7. Rollback

Restore the previous list

  1. Use the export or backup captured before the new import.
  2. Remove newly imported entries when necessary.
  3. Confirm Blocked Sites Exceptions remain intact.
Vendor KB and official documentation

WatchGuard references

Before implementation, also review the official administration guide, release notes, and capacity limits for the deployed product version.

Import Blocked Sites or ExceptionsDosyadan Blocked Sites listesi içe aktarma. About Blocked SitesBlocked Sites işleyişi ve yönetimi. Block a Site PermanentlyKalıcı blocked site ekleme ve dışa/içe aktarma. Create Blocked Sites ExceptionsYanlış pozitifler için istisna yönetimi. Cloud-managed Blocked Sites and PortsWatchGuard Cloud üzerinde blocked site yönetimi ve içe aktarma. Monitor and Manage Blocked SitesCloud-managed Firebox blocked site izleme.

The KDC guide does not replace vendor documentation. Menu names, license requirements, and supported capabilities can vary by product version and model.