Configure an Intelligent Feed on Cloud NGFW for AWS
Table of Contents
Configure an Intelligent Feed on Cloud NGFW for AWS
An intelligent feed, also called an external
dynamic list, is a list that you or third-parties can host on an
external web server. You can specify the Intelligence Feed as the
source or destination of your security rule. The NGFW checks the
hosted list at hourly or daily intervals, and enforces your security
rules based on the latest entries on your list, without requiring you
to make any configuration changes.
- IP List—Enforce policy for a list of source or destination IP addresses that emerge ad hoc by using an intelligent feed of type IP address as the source or destination address object in policy rules and configure the NGFW to deny or allow access to the IP addresses included in the list. The NGFW treats an IP List intelligent feed as an address object, and all IP addresses included are handled as one address object.The intelligent feed can include individual IP addresses, subnet addresses (address/mask), or range of IP addresses. In addition, the block list can include comments and special characters such as * , : , ; , #, or /. The syntax for each line in the list is [IP address, IP/Mask, or IP start range-IP end range] [space] [comment].Enter each IP address/range/subnet in a new line; URLs or domains are not supported in this list. A subnet or an IP address range, such as 92.168.20.0/24 or 192.168.20.40-192.168.20.50, count as one IP address entry and not as multiple IP addresses. If you add comments, the comment must be on the same line as the IP address/range/subnet. The space at the end of the IP address is the delimiter that separates a comment from the IP addressAn example IP address list:
192.168.20.10/32 2001:db8:123:1::1 #test IPv6 address 192.168.20.0/24 ; test internal subnet 2001:db8:123:1::/64 test internal IPv6 range 192.168.20.40-192.168.20.50 - URL List—Protect your network from new sources of threat or malware using URLs. The NGFW handles an intelligent feed with URLs like a custom URL category. For more information on the formatting of URL list, see Create a Custom URL Category for Cloud NGFW on AWS.
The
NGFW requires a certificate object to access the intelligent feed.
For more information, see Add a Certificate to Cloud NGFW for AWS.
- Select Rulestacks and select a previously-created rulestack on which to configure file blocking.Select .Enter a descriptive Name for your intelligent feed.(optional) Enter a description for your intelligent feed.Select the intelligent feed Type.Enter the Source URL.Select the Certificate Profile.Set the Update Frequency—Hourly or Daily.Click Save.
