Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

DEAG and DEAO Maximums:

We manage several hundred TZ's and NSA's, both Gen6 & 7

We use Dynamic External Address Groups to whitelist FQDNs from GAV, DPI-SSL, and App Control services.

This works great, however we seem to have reached a limit.

According to https://www.sonicwall.com/support/knowledge-base/what-are-dynamic-external-objects-groups-and-how-can-we-configure-it/200507105852280/

DEAG and DEAO Maximums:

Maximum DEAGs:

The maximum number of DEAGs, including both IP address and FQDN types, is 25% of the total number of address groups supported by the device.

The maximum number of DEAGs that can be created cannot exceed the number of address groups remaining before exceeding the total number supported on the firewall. For example, if a device supports 1024 Address Groups and you are using only 20 Address Groups, then 256 DEAGs (25% of 1024) can be created. However, if you have already manually created 1000 Address Groups, then only 24 DEAGs can be created.

Maximum DEAOs:

The maximum number of IP address type DEAOs is 25% of the total number of address objects supported by the device.

The maximum number of FQDN type DEAOs is 50% of the total number of address objects supported by the device.

The maximum number of DEAOs that can be created cannot exceed the number of address objects remaining before exceeding the total number supported on the firewall.


My question is:

Where can I find a data sheet that shows all the Firewalls and the DEAG/DEAO that each support?

Thanks

Graham

Category: Mid Range Firewalls
Reply

Best Answer

Answers

  • GrahamBarnesGrahamBarnes Newbie ✭

    Hi Saravanan,

    That just what I need.

    Thanks

    Graham

  • SaravananSaravanan Moderator

    You are most welcome @GRAHAMBARNES. It was a pleasure helping you. Have a good day!!!

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

Sign In or Register to comment.