Dynamic Botnet List Server using FTP/HTTPS protocol
05/12/2020
Description
The Botnet Filtering feature allows you to block connections to or from Botnet command and control servers and to make custom Botnet lists.
We also now have an option to download the Botnet list from a server using HTTPS and FTP protocols.
Resolution
For the complete Botnet Filter configuration, see the KB: How To Configure Botnet Filtering With Firewall Access Rules
With SonicOS 6.5.2, usernames and passwords for HTTP URLs in the dynamic Botnet configuration are accepted, and the information is transmitted in the HTTP header so the firewall has the required information.
To configure this feature:
- Navigate to MANAGE | Security Configuration | Security Services | Botnet Filter.
- Click on Dynamic Botnet List Server.
- Select Enable Botnet list download periodically. This option is not selected by default.
- Select the frequency of downloads from Download Interval: 5 minutes (default), 15 minutes, 1 hour or 24 hours. The firewall downloads the Botnet file from the server at the specified interval.
- Select the protocol the firewall uses to communicate with the backend server to retrieve the file from Protocol: FTP (default) or HTTPS.
- Enter the IP address of the server from which the Botnet list file will be downloaded in the Server IP Address field.
- Enter the login ID the firewall is to use to connect to the server in the Login ID field.
- Enter the password the firewall is to use to connect to the server in the Password field.
- Enter the directory path from which the firewall retrieves the Botnet file in the Directory Path field. This server directory path is relative to the default root directory.
- Enter the name of the file on the server to be downloaded in the File Name field.
- Click ACCEPT.
To view the downloaded list:
- Navigate to MANAGE | Security Configuration | Security Services | Botnet Filter.
- Navigate to the Dynamic Botnet List tab.
- Click the Download button to download the list immediately, or wait for the download interval to elapse; the IP addresses from the list will then start showing up on this page.
- You can also Flush the entries downloaded via Dynamic Botnet List Server.
- Any errors or misconfiguration are shown by the button next to Flush, which explains which features must be ON for this to function, as well as when the next download is scheduled.
NOTE: When Dynamic Botnet List Server is configured, the SonicWall first inspects this list, and when none of the IP addresses match, it checks the Botnet database from the back end to take further actions.