Browse docs

Features

Validation and Troubleshooting

Validate a Cybora feed deployment and resolve typical download, parsing, and policy problems.

Last updated: June 29, 2026

On this page

Validation confirms that the firewall can download the feed, parse the indicators, and enforce the intended policy. Treat these as separate checks; a successful download does not automatically mean the policy is active.

Many problems do not come from the feed itself, but from URL errors, wrong indicator types, polling, certificates, platform limits, or a policy that does not use the imported object.

The four checkpoints

Check a rollout in this order:

  1. Download: Can the firewall reach the HTTPS URL?
  2. Import: Does the firewall recognize the TXT response and load entries?
  3. Policy: Is the imported list referenced in the intended rule?
  4. Effect: Do matches appear in logs or reports?

This order separates connectivity problems from format, license, and policy problems. Only when all four points work clearly is the feed truly integrated in production.

Check download

Check:

  • DNS resolution from the firewall or management plane.
  • Outbound HTTPS access to the Cybora feed host.
  • Certificate trust and proxy behavior.
  • Correct feed URL and license key.
  • Refresh interval matching the plan.
  • HTTP status code and response content of the feed URL.
  • Rate-limit or abuse-protection hints after excessive polling.

Check parsing

If the firewall downloads the feed but imports no entries, check whether the feed type matches the firewall object type. An IP list usually cannot be imported into a pure URL object, and a URL feed may not be accepted by a simple address alias.

Also important:

  • The feed is delivered as plain text.
  • Each line contains exactly one indicator.
  • IP, domain, and URL feeds must be imported into matching firewall functions.
  • Platform limits can cause not all entries to be accepted.

Check policy

If entries are imported but traffic is not affected:

  1. Confirm the rule references the imported list.
  2. Check rule order.
  3. Check source versus destination usage.
  4. Confirm that the policy was installed or committed.
  5. Review logs for the expected rule name.

Check effect

If download, import, and policy are correct, check the actual effect:

  • Are there log entries on the expected rule?
  • Is the list used as source or destination as intended?
  • Does an earlier allow or exclusion rule apply?
  • Is the policy enforced on the correct interface, zone, or gateway?
  • Did the firewall really install or commit the latest policy version?

For new environments, a controlled rollout is sensible. Start with logging, limited scope, or a test policy if the firewall supports it. Only after download, import, and policy effect are clear should the feed be used broadly in production blocking rules.

Information for support

For a support case, provide firewall vendor and version, feed type, configured feed URL without the full key, refresh interval, error message, HTTP status, timestamp, proxy status, and affected policy.