
    Creating Custom Feeds, Dynamic, Black and White

    To access this page, click Configure>Threat Prevention>Custom Feeds.

    You can create custom feeds from the Custom Feeds page.

    • Know what type of feed you are configuring and have all the necessary information on hand. For example, for custom feeds from a file server, you must have the file server URL and a valid user name and password for the file server. Local feeds are created on your local system and uploaded from there.
    • To use a custom feed, apply it to the source or destination address in a firewall rule. In the firewall rule, you can filter addresses to show Infected Hosts, Dynamic Addresses, Whitelists and Blacklists.
    • For creating an Infected Host custom feed, see Creating Custom Feeds, Infected Host.

    To create local file and remote file custom feeds:

    1. Select Configure>Threat Prevention>Custom Feeds.
    2. Select one of the following feed types.

      Table 1: Custom Feed Categories

      Feed Category: Definition

      Dynamic Address: A dynamic address entry provides dynamic IP address information to security policies. A dynamic address is a group of IP addresses, not just a single IP prefix, that can be imported from external sources. These IP addresses are for specific domains or for entities that have a common attribute such as a particular undesired location that poses a threat. You can then configure security policies to use the dynamic addresses within a security policy.

        Note: For Dynamic Address, you can create multiple custom feeds. For Whitelist, Blacklist, and Infected Host, you can only create one custom feed for each.

      Whitelist: A whitelist contains known trusted IP addresses, URLs, and domains. Content downloaded from locations on the whitelist does not have to be inspected for malware.

      Blacklist: A blacklist contains known untrusted IP addresses, URLs, and domains. Access to locations on the blacklist is blocked, and therefore no content can be downloaded from those sites.

      Infected Host: Infected hosts are hosts known to be compromised. Enter host IP addresses manually or upload a text file with the IP addresses of infected hosts. See Creating Custom Feeds, Infected Host for configuration details.

    3. Click Create and select one of the following:
      • Feeds with local files—This is data you enter manually into the provided fields or upload from a text file on your local machine. See Table 2 for details.
      • Feeds with remote file server—This is a data feed from a remote server. Configure communication with the remote server using instructions in Table 3.
    4. Complete the configuration by using the guidelines in Table 2 or Table 3.
    5. Click OK. Your entry is added to the custom list displayed at the bottom of the page.

    Note: To use a custom feed, apply it to the source or destination address in a firewall rule. In the firewall rule, you can filter addresses to show Infected Hosts, Dynamic Addresses, Whitelists and Blacklists.

    Use the fields in Table 2 to add custom feeds.

    Table 2: Fields on the Custom Feeds Page, Feeds with Local Files

    Field: Description

    Name: Enter a unique string that must begin with an alphanumeric character and can include colons, periods, dashes, and underscores; no spaces allowed; 63-character maximum.

    Description: Enter a description for your custom feed; maximum length is 1,024 characters. You should make this description as useful as possible for all administrators.

    Feed Type: Select one of the following:

      • IP, Subnet and Range—Enter an IPv4 address in standard four-octet format. CIDR notation and IP address ranges are also accepted. Any of the following formats are valid: 1.2.3.4, 1.2.3.4/30, or 1.2.3.4-1.2.3.6.
      • URL and Domain—Enter the URL using the following format: http://badurl.com/abc and Domain using the following format: http://badurl.com. Wildcards and protocols are not valid entries.

      Note: For Dynamic Address, you can only select IP, Subnet, and Range. For Blacklists and Whitelists, all feed types are available for selection.

    Custom List: Do one of the following:

      • Click Upload File to upload a text file with an IP address list. Click the Add button to include the address list in your custom list.

        Note that the file must contain only one item per line (no commas or semicolons). All items are validated before being added to the custom list.

      • Manually enter your item in the space provided in the Custom List section. To add more items, click + to add more spaces.
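A pre-upload check for a local-file feed of type IP, Subnet and Range, as an added example (not Juniper's validator and not code from this guide): it applies the Name rule and the one-item-per-line address, CIDR and range formats from Table 2. Skipping blank lines and accepting CIDR entries with host bits set are assumptions, and the sample feed text is constructed.

```python
import ipaddress
import re

# Name rule from Table 2: begins with an alphanumeric character; may include
# colons, periods, dashes and underscores; no spaces; 63 characters maximum.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9:._-]{0,62}")

# Constructed sample feed text: three valid entries, then three bad ones.
SAMPLE = "\n".join([
    "1.2.3.4", "1.2.3.4/30", "1.2.3.4-1.2.3.6",
    "1.2.3.4,1.2.3.5", "1.2.3.9-1.2.3.6", "1.2.3.400",
])


def valid_feed_name(name):
    return NAME_RE.fullmatch(name) is not None


def parse_entry(item):
    """Return (first, last) IPv4 addresses covered by one feed entry."""
    if "-" in item:  # range such as 1.2.3.4-1.2.3.6
        lo, hi = (ipaddress.IPv4Address(p) for p in item.split("-", 1))
        if lo > hi:
            raise ValueError("range start is above range end")
        return lo, hi
    if "/" in item:  # CIDR block; host bits tolerated (assumption)
        net = ipaddress.IPv4Network(item, strict=False)
        return net.network_address, net.broadcast_address
    addr = ipaddress.IPv4Address(item)  # single address
    return addr, addr


def check_feed(text):
    """Return (entries, errors); both carry 1-based line numbers."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        item = raw.strip()
        if not item:  # blank lines skipped (assumption)
            continue
        if "," in item or ";" in item or len(item.split()) > 1:
            errors.append((lineno, "separator or whitespace inside the entry"))
            continue
        try:
            entries.append((lineno, *parse_entry(item)))
        except ValueError as exc:  # also covers ipaddress parse errors
            errors.append((lineno, str(exc)))
    return entries, errors


if __name__ == "__main__":
    for lineno, reason in check_feed(SAMPLE)[1]:
        print(f"line {lineno}: {reason}")
```

The (first, last) pairs returned for each entry also make it easy to review how many addresses a whitelist or blacklist line actually covers before uploading it.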

    Table 3: Fields on the Custom Feeds Page, Feeds with Remote File Server

    Field: Description

    Name: Enter a unique string that must begin with an alphanumeric character and can include colons, periods, dashes, and underscores; no spaces allowed; 63-character maximum.

    Description: Enter a description for your custom feed; maximum length is 1,024 characters. You should make this description as useful as possible for all administrators.

    Feed Type: Select one of the following:

      • IP, Subnet and Range—Enter an IPv4 address in standard four-octet format. CIDR notation and IP address ranges are also accepted. Any of the following formats are valid: 1.2.3.4, 1.2.3.4/30, or 1.2.3.4-1.2.3.6.
      • URL and Domain—Enter the URL using the following format: http://badurl.com/abc and Domain using the following format: http://badurl.com. Wildcards and protocols are not valid entries.

      Note: For Dynamic Address, you can only enter IP, Subnet, and Range. For Blacklists and Whitelists, all feed types are available for selection.

    Type of Server URL: Select one of the following:

      • http
      • https

    Server File URL: Enter the URL for the remote file server.

    Username: Enter the credentials for the remote file server.

    Password: Enter the credentials for the remote file server.

    Update Interval: Select how often updates are retrieved from the remote file server: Hourly, Daily, Weekly, Monthly, Never.

    Modified: 2017-06-27