Looking for the best way to protect again Cert Advisory AA20-302A on a SonicWall

DerekSmall

Sorry I'm new to SonicWall. Before I start creating tons of address objects, is there some other way to pull in a list of black-listed IPs? I was wondering if there is something like the feeds that PaloAlto, Fortinet or Cisco has which are automatically updated with domains and IP/subnets that should be black-listed.

Saravanan

Hi @DEREKSMALL,

Thank you for visiting SonicWall Community.

It sounds like you are looking for a set of blacklisted IP addresses that is handy and SonicWall blocks traffics from any of these IP addresses directly without having any address object or access rule configured on the SonicWall. Did I sound right? If so, then I would recommend using features such as RBL, Geo-IP and Botnet filter on the SonicWall which are dynamic w.r.t function. We just need to enable these features on the SonicWall and ensure they are in active working state. Below are couple of reference articles with scenario(s) may not be related to your hint but can explain the feature logic.

https://www.sonicwall.com/support/knowledge-base/configuring-smtp-real-time-black-list-rbl-filtering-on-the-sonicwall/170505557998744/

https://www.sonicwall-sales.com/news/what-is-botnet.html

Hope this helps.

BWC

Hi @DerekSmall

if I understand you correctly I guess you might be looking for something like this:

https://www.sonicwall.com/support/knowledge-base/what-are-dynamic-external-objects-groups-and-how-can-we-configure-it/200507105852280/

This list can be easily used in your access rules and are under your full control. But there is no ready-to-use list, you have to create them by yourself or get it from some trusted source.

--Michael@BWC

[Deleted User]

Hi @Derek ,

Were we able to answer your question?