WAN egress filtering - best method to filter many web resources?
I have a VLAN with all our server appliances on it. Currently, there is minimal Server LAN to WAN egress filtering as all servers can go to almost anywhere on the internet (aside from what's in our content filter policy). I want to allow limited access to web resources and I have about 100 web addresses I need to allow access to. The way I see it, I could either use a content filter policy to allow access to only those 100+ addresses, or I could create a bunch of FQDN Address Objects and add them to an Address Group and then create a firewall rule using that to allow access.
I wanted to see if there is a preferred method to do this. Also, if it is more ideal to use a firewall rule with Address Object Group, then is there an easy way to import many address objects from a CSV or text file instead of manually adding them one by one?
Hi lostbackups, you would be best going down the FQDN route, but you would be better using the DEAG option (Dynamic Address Objects) where you can put the list of FQDNs in a txt file and host locally via FTP or via HTTPS which then creates an address object group which you can then use for the Firewall rule. (see below)
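An added example, not part of the original reply or any vendor tooling: one way to turn a CSV of web addresses into the plain text FQDN list the reply describes, setting aside entries that are not plain hostnames for manual review. The one-entry-per-line output, the CSV layout and every sample name are assumptions; check the appliance's documented file format before hosting the file.

```python
import csv
import io
import re
from urllib.parse import urlsplit

# One DNS label: 1-63 chars of a-z, 0-9 or '-', not starting or ending with '-'.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def to_fqdn(entry):
    """Return the lowercase hostname of a URL or bare host, or None if unusable."""
    entry = entry.strip()
    if not entry:
        return None
    # urlsplit only fills .hostname when the input has a scheme or leading '//'.
    if "://" not in entry and not entry.startswith("//"):
        entry = "//" + entry
    try:
        host = urlsplit(entry).hostname
    except ValueError:
        return None
    if not host:
        return None
    host = host.rstrip(".").lower()
    labels = host.split(".")
    if len(host) > 253 or len(labels) < 2:
        return None
    if not all(_LABEL.fullmatch(label) for label in labels):
        return None  # wildcards, IPv6 literals, malformed labels
    if labels[-1].isdigit():
        return None  # IPv4 literal, not a name
    return host

def build_list(csv_text, column=0):
    """Return (sorted unique FQDNs, entries set aside for manual review)."""
    accepted, rejected = set(), []
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) <= column or not row[column].strip():
            continue
        host = to_fqdn(row[column])
        if host:
            accepted.add(host)
        else:
            rejected.append(row[column].strip())
    return sorted(accepted), rejected

# Constructed sample input; the column layout is an assumption.
SAMPLE_CSV = """address,owner
https://updates.example.com/patches,ops
UPDATES.example.com:443,ops
ntp.example.net.,infra
*.cdn.example.org,web
203.0.113.10,legacy
"""

if __name__ == "__main__":
    fqdns, review = build_list(SAMPLE_CSV)
    print("\n".join(fqdns))  # assumed list format: one FQDN per line
```

The second return value holds the header row, the wildcard and the IP literal, which need a decision by hand rather than silent inclusion in an allow list.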