FAQ: Recommendations on adding Address Objects and Address Object Groups via CLI
Description
This article provides SonicWall's recommendations to add Address Objects and Groups in bulk via CLI.
Resolution
Q: Are there any actions recommended before start adding configuration via CLI?
A: Perform a local backup. More details can be found here.
Export the EXP settings. More details can be found here.
Q: Which interface is safer to use?
A: Any interface that is dedicated for management of the firewall, such as MGMT.
More details can be found here and here.
Q: When is the best time to add Address Objects in bulk via CLI?
A: The best time is when the network traffic is low and CORE 0 usage is low. SonicWall recommends outside business hours.
More details can be found here.
Q: Is there a safe limit of Address Object to add on a single Commit?
A: SonicWall recommends a 150 limit on a per commit basis using CLI.
More details can be found here.
Q: How often can we make a commit?
A: When updating records via the CLI, SonicWall recommends waiting up to 300 seconds between commits for bulk changes.
More details can be found here.
Q: What is the maximum and optimal Address Object Group size?
A: The maximum number of Address Objects within an Address Group is 1000, including the Address Objects from nested Address Groups.
More details can be found here.
Q: Can the Address Groups contain mixed types of Address Objects? (FQDN, Range, Host, Network, IPv6, etc.)
A: Generally, Address Groups can contain a mixture of Address Object types such as FQDN, MAC, Host, and others. However, there are configuration areas that can accept only a subset of those types or a specific type.
More details can be found here.