SonicOS 7.0 Rules and Policies for Policy mode

Settings > Botnet > Creating Custom Botnet Lists
Table of Contents

Creating Custom Botnet Lists

Address Object Name of the address object or address group object.
Botnet Icon indicating whether the entry was defined as a Botnet when created. A black circle indicates a Botnet, a white circle a non-Botnet.
Comments Any comments you added about the entry.
Configure Contains Edit and Delete icons for the entry.
Total Displays the number of entries in the Custom Botnet List.

An IP address can be wrongly marked as Botnet. This kind of misclassification can cause incorrect/unwanted filtering of an IP address. Having a custom Botnet list can solve this problem by overriding the Botnet tag for a particular IP address.

 

Creating a Custom Botnet List

For the firewall to use the custom Botnet list, you must enable it as described in Configuring Botnet Filters.

To create a custom Botnet list:

  1. Navigate to the POLICY | Rules and Policies > Settings > Botnet | Custom Botnet List.
  2. Click +Add. The Add Address Location dialog displays.
  3. Select an IP address object or create a new address object from the A Botnet IP Address list:

An address object cannot overlap any other address objects in the custom country list. Different address objects, however, can have the same country ID.

  • Create new address object… – the Add Address Location dialog displays.

    1. Create a new address location. Allowed types are:
      1. Host
      2. Range
      3. Network
      4. A group of any combination of the first three types

All other types are disallowed types and cannot be added to the custom Botnet list.

  • Create new address group… – the Add Address Location dialog displays.

    1. Create a new address object.

  • Already defined address object or address group

    1. If this address object is a known Botnet, select the Botnet checkbox.
    2. Optionally, add a comment in the Comment field.
    3. Click Save.

Editing Custom Botnet List Entries

To edit a custom Botnet list entry

  1. In the Custom Botnet List table, click the Edit icon in the Configure column for the entry to be edited. The Add Address Locationdialog displays the entry.
  2. Make your changes.
  3. Click Save.

The Custom Botnet List table is updated.