As stated earlier, dynamic addresses provide dynamic
IP address information to security policies. A dynamic address entry
(DAE) is a group of IP addresses, not just a single IP prefix, that
can be entered manually or imported from external sources. The DAE
feature allows feed-based IP objects to be used in security policies
to either deny or allow traffic based on either source or destination
IP criteria. For example, a DAE may contain IP addresses for specific
domains or for entities that have a common attribute such as a particular
undesired location that poses a threat. When the DAE is updated, the
changes automatically become part of the security policy. There is
no need to manually update the policy; no configuration commit action
is required.
This topic steps you through a simple example of creating
a DAE and associating it with a policy. For complete information on
creating firewall policies in Security Director, see Creating Firewall Policies.
- Click Configure > Threat Prevention > Feed Sources.
The Feed Sources page appears.
- In the Custom Feeds tab, click Create > Feeds with
local files.
- Enter DAE_example1 as the name.
- Select Dynamic Address from the Feed Type list.
- Select the ATP Cloud realms from the Realms field.
- In the Custom List field, click the plus sign (+) to add
individual entries to the custom list.
- Add the following IP addresses. See the online help for
information on supported formats.
- Make sure all entries in the custom list are unchecked
and click OK.
- Click Configure > Firewall Policy > Policies.
Note: This example uses simplistic rules to show how to associate
a DAE with an allowlist firewall policy. When creating your own firewall
policy, you will have to configure the rules that meet your company's
requirements.
- Click the plus sign (+) to create a new firewall policy.
- Enter dynamic_address_test as
the name.
- Select All Logging Enabled from the Profile
pull-down menu.
- Select Device Policy as the Type and select
a device from the Device pull-down menu.
- Click OK.
After a few seconds, the dynamic_address_test policy appears
in the list.
- Click Add Rule next to the
dynamic_address_test
policy to start the rule wizard.
- Enter dynamic_rule as the name
and click Next.
- In the Source window, select untrust from the
Zone pulldown menu and click Select under the Address(es)
field.
- In the Source Address window, select the Include
Specific radio button.
- Select DAE_example1 in the left table and click
the right arrow to move it to the right table. Then click Next.
The Source window reappears and DAE_example1
appears in the Address(es) field.
- In the Destination window, select trust from
the Zone pulldown menu and click Next.
- In the Advanced Security window, select permit from the Rule Action pulldown menu and click Next.
- In the Rule Options window, click Next to use
the default settings.
- Click Select in the Address(es) section and
click the Include Specific radio button.
- In the Rule Analysis window, select the Analyze the
new rule to suggest a placement to avoid anomalies checkbox
and click Next.
After a few seconds, an analysis of your rule appears, including
its suggested placement.
- Click Finish and then OK to exit
the wizard.
- In the resulting page, click Save (located
near the top of the window.)
- Check the checkbox for the dynamic_rule policy
and click Publish.
When you publish rules, the process takes into account the priority
and precedence values set on the policy and the order of rules on
the device.
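The following is an added illustration, not Security Director's or Junos's own code, of the point this procedure relies on: the rule references the DAE by name, so a feed update changes what dynamic_rule matches without the rule itself being edited or republished. It reuses the names from this procedure (DAE_example1, dynamic_rule, untrust, trust); the feed file content is constructed, and the feed format and first-match evaluation are simplifying assumptions rather than the product's actual behaviour.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample feed text (one entry per line, "#" comments), standing in
# for a local custom-feed file; the formats Security Director actually accepts
# are listed in its online help. One entry is deliberately malformed.
FEED_V1 = """\
# partner ranges allowed into the trust zone (constructed sample)
192.0.2.10
198.51.100.0/24
not-an-address
"""
FEED_V2 = FEED_V1 + "203.0.113.0/28\n"  # feed after an update: one prefix added


@dataclass
class DynamicAddressEntry:
    name: str
    networks: list = field(default_factory=list)
    rejected: list = field(default_factory=list)  # lines that failed to parse

    def load(self, feed_text):
        nets, bad = [], []
        for raw in feed_text.splitlines():
            line = raw.split("#", 1)[0].strip()
            if not line:
                continue
            try:  # strict=False accepts host bits set, e.g. 10.0.0.1/24
                nets.append(ipaddress.ip_network(line, strict=False))
            except ValueError:
                bad.append(line)
        self.networks, self.rejected = nets, bad  # swap in the new membership

    def contains(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in n for n in self.networks)


@dataclass
class Rule:
    name: str
    from_zone: str
    to_zone: str
    source_dae: DynamicAddressEntry  # held by reference, so feed updates apply
    action: str = "permit"


def evaluate(rules, from_zone, to_zone, src_ip, default="deny"):
    # First matching rule wins; traffic matching no rule gets the default action.
    for r in rules:
        if (r.from_zone, r.to_zone) == (from_zone, to_zone) and r.source_dae.contains(src_ip):
            return r.action
    return default
```

Reloading the DAE from FEED_V2 makes 203.0.113.5 match dynamic_rule while the rule object is untouched; the rejected list shows which feed lines were silently dropped and should be checked before upload.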