SonicOS 8 Rules and Policies for Classic Mode

Technical Documentation>  Indicator of Compromise>  Configuring IoC IP Addresses File
Table of Contents

Configuring IoC IP Addresses File

You can configure the firewall to periodically download a file containing Indicator of Compromise (IoC) IP addresses from an HTTPS or FTP server. Upon download, the firewall parses the file and automatically updates the Custom List of IP Addresses.

The firewall supports a maximum of 16 IoC IP Address Files. The total number of IP addresses enforced by all selected files cannot exceed the device's model-specific limit.

For example, a TZ firewall supports up to 25,000 IP addresses in total. Although 16 IoC IP Address Files can be configured, the aggregate number of IP addresses across all enforced files must not exceed the 25,000-IP limit.

The maximum supported IP addresses is an overall device limit and varies by firewall model. This limit applies to the total number of IP addresses enforced across all IoC IP Address Files, not on a per-file basis.

  • TZ / NSv models: up to 25,000 IP addresses

  • NSA models: up to 50,000 IP addresses

To configure IoC IP addresess file

  1. Navigate to Policy > Indicator of Compromise > IP Addresses > External Files tab.

  2. Click the Add icon.

  3. Enter a Name for the IoC IP Address File.

    Only alphabets and numerical values without spaces are allowed in the Name field.

  4. Enable IoC IP Address download periodically for periodic downloads of the IoC IP Address File.

    If periodic download is not enabled, the firewall will not download the file automatically. You must click Download manually.

  5. Select the number of minutes or hours between downloads in the Download Interval field. You can select one of:

    • 5 minutes
    • 15 minutes
    • 1 hour
    • 24 hours

  6. Select the protocol to be used for downloading the IP Addresses.

    Protocol Specification Description
    FTP Server IP Address

    IP address of the FTP server where the IoC IP Address file resides.
    Login ID User name for logging into the FTP server
    Password Password for logging into the FTP server
    Directory Path Folder in which the IoC IP Address file resides on the FTP server
    File Name Name of the IoC IP Address file on the FTP server
    HTTPS URL Name

    URL which has the list of IP addresses.
    The URL Name should contain only the page name, and the schema will be derived from the selected Protocol.

    The URL's name with http or https or ftp or ftpsor :// will be considered as an invalid URL.
  7. Click Save.
Chat