"Err: File exceeds IP count" in DEAG

Morristown_Green · March 2024

I'm using a vendor's dynamic list that has about 6100 addresses. Our TZ670 (7.1.1-7051) returns the error in the subject. Is there anything I can do?

Also, since I'm still feeling my way around the FW, I want to confirm that the policy should be DENY Source Zone WAN, address DEAG from preceding, and Destination Zone LAN? Thanks

Arkwright · March 2024

Is there anything I can do?

Start here:

https://www.sonicwall.com/support/knowledge-base/what-are-dynamic-external-objects-groups-and-how-can-we-configure-it/200507105852280/

You can confirm the limits for your model of firewall.

I want to confirm that the policy should be DENY Source Zone WAN, address DEAG from preceding, and Destination Zone LAN?

It depends what you are trying to do? What traffic are you currently allowing from WAN>LAN that you would like to block with this DEAG as a source?

Morristown_Green · March 2024

The list is known malicious IPs, retrieved hourly. There is probably some overlap with RBL. I would like to block them at the FW, at least inbound.

Thank you for the link. I had to look further and came upon this: https://community.sonicwall.com/technology-and-support/discussion/2476/deag-and-deao-maximums. Unfortunately, our device's maximum is 3949 objects and it won't come close to handling this list. I also learned that we were given the wrong instructions and the DEAG shouldn't have been set for FQDN, but it wouldn't have worked regardless.

Join the Conversation

"Err: File exceeds IP count" in DEAG

Best Answer

Answers