SonicWall गाइड

Is guide ka upyog karke SonicWall me Dynamic External Address Groups aur Dynamic External Address Objects ke through Cybora integrate karein. Ye SonicOS ka native approach hai jisme external IP ya FQDN feed ko consume karke policy me apply kiya jata hai.

What SonicWall can do with a Cybora feed

• SonicWall external feed ko Dynamic External Address Group (DEAG) me download kar sakta hai.
• Downloaded entries internal roop se Dynamic External Address Objects (DEAOs) ke roop me dikhai jati hain.
• Resulting dynamic group ko classic Access Rules ya Policy Mode Security Policies me use kiya ja sakta hai.
• Ye workflow IP-based feeds ke liye kaafi useful hai aur zarurat padne par FQDN-based workflows ko bhi support kar sakta hai.

Before you start

• Aisi SonicOS release use karein jo Dynamic Groups aur Dynamic External Objects support karti ho.
• Ensure karein ki firewall required network path ke through Cybora feed URL tak pahunch sakta ho.
• Decide karein ki feed ko IP-based dynamic group ke roop me treat karna hai ya FQDN-based ke roop me.
• Pehle se plan karein ki group ko kahan enforce karna hai, taaki sahi zone aur policy placement choose ki ja sake.

Create the dynamic external group

1. SonicOS me Dynamic Group ya Dynamic External Objects section par jayen.
2. Naya Dynamic External Address Group add karein.
3. Group ka clear naam dein.
4. Relevant zone assignment select karein.
5. FQDN sirf tab enable karein jab aapka feed FQDN-based dynamic objects populate karega.
6. Periodic download enable karein.
7. Cybora feed URL ko external source field me paste karein.
8. Download interval ko apne Cybora plan ke hisab se jitna ho sake utna set karein. Firewall ko feed ko plan se zyada frequently query karne ke liye configure na karein. Allowed interval ke andar sirf ek request permitted hai. Excessive polling ki wajah se feed block ho sakta hai.
9. Dynamic group save karein aur confirm karein ki initial download successful hai.

Apply the group in policy

1. Classic Mode me dynamic group ko Access Rule me use karein.
2. Policy Mode me dynamic group ko relevant Security Policy me use karein.
3. Rule action ko aise configure karein ki matching traffic aapki security policy ke hisab se block ya handle ho.
4. Logging enable karein taaki matches confirm kiye ja sakein aur troubleshooting aasaan ho.

Validation

1. Confirm karein ki dynamic group successfully download hua hai.
2. Object status ya comments section check karein.
3. Verify karein ki dynamic group intended Access Rule ya Security Policy me referenced hai.
4. Known matching traffic ke saath test karein aur resulting rule ya policy logs review karein.

Further reading

• Dynamic Group
• Adding Dynamic External Objects
• Applying Dynamic External Objects
• What are dynamic external objects/groups and how can we configure it?