Example: Creating a Dynamic Address Custom Feed and Firewall Policy
As stated earlier, dynamic addresses provide dynamic
IP address information to security policies. A dynamic address entry
(DAE) is a group of IP addresses, not just a single IP prefix, that
can be entered manually or imported from external sources. The DAE
feature allows feed-based IP objects to be used in security policies
to either deny or allow traffic based on either source or destination
IP criteria. For example, a DAE may contain IP addresses for specific
domains or for entities that have a common attribute such as a particular
undesired location that poses a threat. When the DAE is updated, the
changes automatically become part of the security policy. There is
no need to manually update the policy; no configuration commit action
is required.
Procedure
This topic steps you through a simple example of creating
a DAE and associating it with a policy. For complete information on
creating firewall policies in Security Director, see Creating Firewall Policies.
- Click Configure > Threat Prevention > Feed Sources.
The Feed Sources page appears.
- In the Custom Feeds tab, click Create > Feeds with
local files.
- Enter DAE_example1 as the name.
- Select Dynamic Address from the Feed Type list.
- Select the Sky ATP realms from the Realms field.
- In the Custom List field, click the plus sign (+) to add
individual entries to the custom list.
- Add the following IP addresses. See the online help for
information on supported formats.
- Make sure all entries in the custom list are unchecked
and click OK.
- Click Configure > Firewall Policy > Policies.
Note: This example uses simple rules to show how to associate
a DAE with an allowlist firewall policy. When creating your own firewall
policy, you will have to configure the rules that meet your company's
requirements.
- Click the plus sign (+) to create a new firewall policy.
- Enter dynamic_address_test as
the name.
- Select All Logging Enabled from the Profile
pull-down menu.
- Select Device Policy as the Type and select
a device from the Device pull-down menu.
- Click OK.
After a few seconds, the dynamic_address_test policy appears
in the list.
- Click Add Rule next to the dynamic_address_test policy to start the rule wizard.
- Enter dynamic_rule as the name
and click Next.
- In the Source window, select untrust from the
Zone pulldown menu and click Select under the Address(es)
field.
- In the Source Address window, select the Include
Specific radio button.
- Select DAE_example1 in the left table and click
the right arrow to move it to the right table. Then click Next.
The Source window reappears and DAE_example1 appears
in the address(es) field.
- In the Destination window, select trust from
the Zone pulldown menu and click Next.
- In the Advanced Security window, select permit from the Rule Action pulldown menu and click Next.
- In the Rule Options window, click Next to use
the default settings.
- Click Select in the Address(es) section and
click the Include Specifics radio button.
- In the Rule Analysis window, select the Analyze the
new rule to suggest a placement to avoid anomalies checkbox
and click Next.
After a few seconds, an analysis of your rule appears, including
its suggested placement in the rule order.
- Click Finish and then OK to exit
the wizard.
- In the resulting page, click Save (located
near the top of the window).
- Check the checkbox for the dynamic_rule policy
and click Publish.
When you publish rules, the process takes into account the priority
and precedence values set on the policy and the order of rules on
the device.
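The two mechanisms this page relies on are the indirection between a rule and the DAE it names (the rule references DAE_example1 by name, so a feed update changes what the rule matches without the rule being edited or a commit being made) and the untrust-to-trust permit rule built in the procedure above. The following simulation, added here as an illustration and not Security Director or Junos code, models both: it parses a small constructed custom feed, loads it into a DAE object, evaluates a first-match policy against it, then reloads a changed feed and shows the decisions change while the rule stays the same. The accepted entry formats (single address, CIDR prefix, start-end range) are assumptions, since the page defers the supported formats to the online help; the sample addresses are documentation ranges constructed for the example.

```python
"""Constructed simulation of a dynamic address entry (DAE) referenced by a
firewall rule. Not product code: it models the behaviour the page describes,
where a feed update flows into the policy without the rule being changed."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Union

IPNetwork = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


def parse_feed_entry(entry: str) -> List[IPNetwork]:
    """Parse one feed line. Assumed formats: single IP, CIDR prefix, or
    'start-end' range; blank lines and '#' comments are ignored."""
    entry = entry.strip()
    if not entry or entry.startswith("#"):
        return []
    if "-" in entry:
        start_s, end_s = entry.split("-", 1)
        start = ipaddress.ip_address(start_s.strip())
        end = ipaddress.ip_address(end_s.strip())
        if start.version != end.version or end < start:
            raise ValueError(f"invalid range: {entry!r}")
        # A range becomes the minimal set of prefixes covering it.
        return list(ipaddress.summarize_address_range(start, end))
    return [ipaddress.ip_network(entry, strict=False)]


class DynamicAddressEntry:
    """A named group of prefixes whose contents come from a feed."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.networks: List[IPNetwork] = []

    def load(self, feed_text: str) -> int:
        """Replace the current contents with the parsed feed; returns the
        number of distinct prefixes after duplicates/overlaps are collapsed."""
        nets: List[IPNetwork] = []
        for line in feed_text.splitlines():
            nets.extend(parse_feed_entry(line))
        v4 = [n for n in nets if n.version == 4]
        v6 = [n for n in nets if n.version == 6]
        self.networks = list(ipaddress.collapse_addresses(v4)) + \
            list(ipaddress.collapse_addresses(v6))
        return len(self.networks)

    def contains(self, ip: str) -> bool:
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.networks
                   if net.version == addr.version)


@dataclass
class Rule:
    name: str
    from_zone: str
    to_zone: str
    source_address: str  # DAE name, resolved at evaluation time, not at creation
    action: str          # "permit" or "deny"


class Policy:
    """First-match policy whose rules reference DAEs by name."""

    def __init__(self, name: str, daes: Dict[str, DynamicAddressEntry],
                 rules: List[Rule]) -> None:
        self.name, self.daes, self.rules = name, daes, rules

    def evaluate(self, from_zone: str, to_zone: str, src_ip: str,
                 default: str = "deny") -> str:
        for rule in self.rules:
            if rule.from_zone != from_zone or rule.to_zone != to_zone:
                continue
            if self.daes[rule.source_address].contains(src_ip):
                return rule.action
        return default


# Constructed sample feeds (documentation address ranges).
FEED_V1 = """# constructed sample feed, version 1
192.0.2.10
198.51.100.0/24
"""
FEED_V2 = """# constructed sample feed, version 2: host dropped, range added
198.51.100.0/24
203.0.113.5-203.0.113.9
"""


def demo() -> Dict[str, str]:
    """Build the DAE and the untrust->trust permit rule from the procedure,
    then update the feed and re-evaluate without touching the rule."""
    dae = DynamicAddressEntry("DAE_example1")
    dae.load(FEED_V1)
    policy = Policy("dynamic_address_test", {dae.name: dae}, [
        Rule("dynamic_rule", "untrust", "trust", "DAE_example1", "permit"),
    ])
    results = {
        "v1 192.0.2.10": policy.evaluate("untrust", "trust", "192.0.2.10"),
        "v1 203.0.113.7": policy.evaluate("untrust", "trust", "203.0.113.7"),
    }
    dae.load(FEED_V2)  # feed update only; no rule edit, no commit
    results["v2 192.0.2.10"] = policy.evaluate("untrust", "trust", "192.0.2.10")
    results["v2 203.0.113.7"] = policy.evaluate("untrust", "trust", "203.0.113.7")
    results["v2 198.51.100.9 trust->untrust"] = policy.evaluate(
        "trust", "untrust", "198.51.100.9")
    return results


if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case}: {decision}")
```

The last case shows that the DAE only supplies the address match; a flow in the wrong zone direction is still denied by the default, which is the behaviour an allowlist rule should have.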