SonicOS 7.0 Objects

Table of Contents

Adding Dynamic External Objects

To add a Dynamic External Object

  1. Navigate to OBJECT | Match Objects > Dynamic Group.

  2. Click the Add icon.

  3. Enter a Name for the dynamic external address group.

     

    • DEAG_ is automatically prepended to the name when saved.
    • Only alphabets and numerical values without spaces are allowed in the Name field.
    • Type is set to Address Group, with no other options.
  4. Select the Zone Assignment for the Dynamic External Address Group.

  5. Enable FQDN to create a Dynamic External Address Group of type FQDN.

    Enable FQDN only when you want to create an Address Group that contains multiple Address objects of FQDN type. All the Address Objects need to be of type FQDN.

  6. Enable Periodic Download for ongoing, periodic downloads of the Dynamic Address Group File.

    • Select the number of minutes or hours between downloads in the Download Interval field. You can select one of:

      • 5 minutes
      • 15 minutes
      • 1 hour
      • 24 hours

  7. Select the protocol to be used for downloading the DEAG file.

    Protocol Specification Description
    FTP Server IP Address

    IP address of the FTP server where the DEAG file resides. For more information, refer to About Dynamic External Address Group File.
    Login ID User name for logging into the FTP server
    Password Password for logging into the FTP server
    Directory Path Folder in which the DEAG file resides on the FTP server
    File Name Name of the DEAG file on the FTP server
    HTTPS URL Name

    URL which has the list of IP addresses or FQDNs.

    The URL Name should start with https:// and follow with the page name.
  8. Click Save.

Based on the configuration, the firewall reads the list of IP addresses or FQDNs from the file or URL and SonicOS automatically creates read-only address group and address objects which cannot be edited or deleted:

  • Address group with the name provided in the Add Dynamic External Object dialog box.

  • Address objects for every valid unique IP address or FQDN in the file.

The individual address objects are added to the Dynamic External Address Group or Dynamic External Object. You can use this group or object in access rules (Classic Mode) or security policies (Policy Mode).