Is there alternative to manual entry of IP addresses in dictionaries

DOtero

Good day all,

I have been tasked with creating a dictionary of IP addresses to then be used in a filter policy. In this case I have 3 CIDR IP addresses that in total add up to over 85k! And my type-writing cpm is dismal. And while that may be good if I am paid by the hour, I do have a life however limited by current health/government restrictions. So is there an alternative to making such large entries into a dictionary?

Additionally, is there a limit on the number of entries allowed in a dictionary?

I can't imagine how this will affect filtering time. Should that be a concern?

Regards,

David

TKWITS

I'm not sure if this applies, but it might help.

https://www.sonicwall.com/support/knowledge-base/what-are-dynamic-external-objects-groups-and-how-can-we-configure-it/200507105852280/

If you can generate a CSV or TSV of the IPs, and convert it to the required format it'd probably save you some time.

preston

Hi @DOtero, You could try creating the dictionary with partial addresses i.e.192.168.2. or like 192.168.2.1

and then create a policy for From or To depending on what you are trying to do, and set the filter to Contains, so in the examples given

they should detect anything that includes 192.168.2.1 - 192.168.2.254 and the second example should detect 192.168.2.1 to 192.168.2.199

I know this wouldn't include all the subnets but would reduce the amout that you need to add

as you don't have the option to use Regex it's the only way to detect I can see as even in the Connection Management option you can only allow allowed or denied IPs not whole subnets.