Firepower FTD 6.4: How to realize a blocking for a long list of IP addresses?

rherud
Level 1

Hi guys,

I have just a short question:
How can I realize a blocking for a long list of IP addresses without entering them manually one by one?
The list is here:

https://paste.cryptolaemus.com/emotet/2019/06/21/emotet-malware-IoCs_06-21-19.html
Is there a trick that I don't need to enter them manually in a group object to create a blocking access control rule against it?
Every hint is very welcome!
Thanks a lot and have a nice weekend!

 

 

Bye

R.

Accepted Solution

Marvin Rhoads
Hall of Fame

If you're OK with blocking the IP addresses altogether you can just import them as a plain text file into the IP Blacklist object.

The listing you referred to has address:port combos. Those you would probably have to enter manually. You could use the API but learning the prerequisites for doing that probably takes longer than manual entry. :)


3 Replies


Hi Marvin,
this sounds good!
I will prepare an ASCII file and import it to an IP Blacklist object.

Thanks a lot!

Hi,

You could create a manual Security Intelligence feed; essentially, you just list the IP addresses to blacklist in a text file. The file can either be uploaded to the FMC or, alternatively, stored on a web server, and the FMC will query the list (as a feed) at regular intervals. Useful links here and here.

 

HTH
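The replies above suggest a plain text file of IP addresses, while the linked listing uses address:port combos. The following is an added example, not code from any poster or from Cisco, that reduces such a listing to a deduplicated address-only file and refuses internal ranges. It assumes the import wants one address per line; the function names, the output file name and the sample input are hypothetical.

```python
import ipaddress
import re

# Ranges that must never end up in a block list (internal, loopback, etc.).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3",
)]

# An IPv4 address, optionally followed by ":port" as in the IoC listing.
ADDR_PORT = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?::\d{1,5})?(?!\.?\d)")

def extract_block_list(text):
    """Return (addresses, skipped): unique valid IPv4 addresses, sorted
    numerically, and the rejected tokens with the reason for each."""
    keep, skipped = set(), []
    for match in ADDR_PORT.finditer(text):
        token = match.group(1)
        try:
            addr = ipaddress.IPv4Address(token)
        except ValueError:
            skipped.append((token, "not a valid IPv4 address"))
            continue
        if any(addr in net for net in NEVER_BLOCK):
            skipped.append((token, "internal or reserved range"))
            continue
        keep.add(addr)  # the port is dropped: the list blocks the whole host
    return [str(a) for a in sorted(keep)], skipped

def write_list_file(addresses, path):
    """Write one address per line (assumed layout for the list import)."""
    with open(path, "w", encoding="ascii", newline="\n") as fh:
        fh.write("\n".join(addresses) + "\n")

# Constructed sample in address:port style (documentation ranges only).
SAMPLE = """\
203.0.113.7:8080
198.51.100.23:443
203.0.113.7:7080
192.168.1.10:80
198.51.100.300:443
192.0.2.45
"""

if __name__ == "__main__":
    addresses, skipped = extract_block_list(SAMPLE)
    write_list_file(addresses, "emotet_blocklist.txt")  # hypothetical file name
    print(len(addresses), "addresses written;", len(skipped), "skipped")
```

Review the skipped entries before importing; a typo in the source listing shows up there rather than silently disappearing.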
