Adding addresses to existing Network List - Firepower

ziqex
Level 4

Hello everyone,

 

I would like to add a couple of addresses to an existing network list.

Once I click edit on the list, I can only delete existing addresses or save the config.

I don't see the add option. Please advise.

Regards,

Daniel

1 Accepted Solution

Once you've created the Network List, you would need to modify your Access Policy, go to the Security Intelligence tab and then select the list (add to whitelist).

E.g. - custom list called "IP_List" added to Whitelist.

 

[Screenshot: ip list.PNG]

 

You will also be able to determine whether the Policy is using the Global Whitelist/Blacklists.

10 Replies

Hi,
Are you referring to Security Intelligence lists?
You just download the latest list, update it then re-upload the list and deploy.

HTH

Yes, I refer to Security Intelligence, Network Lists and Feeds.

How can I download the list?

I see the following options only: update feeds, add network lists and feeds delete.

Thanks

You can select the pencil icon to the right of the list, which will open the window below. You can then click download, upload the list in notepad, edit and then re-upload.

 

[Screenshot: si feed.PNG]

 

If you don't see that, please upload a screenshot.

 

HTH
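The download, edit and re-upload step from the reply above can be scripted so that typos and over-broad ranges are caught before the list is deployed. This is an added example, not part of the thread and not Cisco tooling. It assumes the downloaded list is plain text with one IP address or CIDR block per line and `#` comment lines; the function name, the prefix limits and the sample data are constructed for illustration.

```python
import ipaddress

# Assumed policy: refuse to add anything broader than these prefix lengths,
# because a whitelist entry exempts the whole range from blacklist matching.
MIN_PREFIX = {4: 16, 6: 32}

def _fmt(net):
    # Write single hosts without the /32 or /128 suffix.
    if net.prefixlen == net.max_prefixlen:
        return str(net.network_address)
    return str(net)

def merge_network_list(existing_text, additions):
    """Merge additions into a downloaded list; return (new_text, rejected)."""
    nets, rejected = [], []
    candidates = [(line, False) for line in existing_text.splitlines()]
    candidates += [(entry, True) for entry in additions]
    for raw, is_new in candidates:
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue  # blank and comment lines are not carried over
        try:
            # strict=False normalizes entries such as 10.1.2.3/24
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((entry, "not an IP address or CIDR block"))
            continue
        if is_new and net.prefixlen < MIN_PREFIX[net.version]:
            rejected.append((entry, "broader than allowed for a whitelist"))
            continue
        if any(net.version == n.version and net.subnet_of(n) for n in nets):
            continue  # duplicate, or already covered by a wider entry
        nets.append(net)
    return "\n".join(_fmt(n) for n in nets) + "\n", rejected

# Constructed sample data (documentation address ranges only).
SAMPLE_EXISTING = "# constructed sample list\n192.0.2.10\n198.51.100.0/24\n"
SAMPLE_ADDITIONS = ["192.0.2.10", "198.51.100.77", "203.0.113.5",
                    "203.0.113.300", "10.0.0.0/8", "2001:db8::1"]

if __name__ == "__main__":
    text, rejected = merge_network_list(SAMPLE_EXISTING, SAMPLE_ADDITIONS)
    print(text, end="")
    for entry, reason in rejected:
        print(f"rejected {entry}: {reason}")
```

Review the rejected entries, write the returned text to a `.txt` file and upload that file through the edit dialog shown in the screenshot.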

For the global-whitelist I only see the option as per below screenshot. 

I do not know how I can add extra addresses.

However, for the block list I see the same options as you have. 

Thanks

 

You go to connection > events, right click the IP address and then select either Blacklist or Whitelist IP address. The IP address would then appear in the Blacklist or Whitelist you referenced.

 

[Screenshot: Annotation 2020-03-09 180528.png]
 

What if the connection has never been established to those addresses?

The addresses are not shown in the events.

 

Regards,

Daniel

You could just generate some traffic to the address(es), monitor in the connection events and then add to the global whitelist/blacklist.

Or just create a custom list (as per the screenshot I previously provided); that would perhaps allow you the ability to add/remove more easily.

Perfect. I have created and uploaded a new list as advised, called White_List.
Do I need to manually add it for policies etc.?
If yes, how can I check which policies are using the default Global-Whitelist?
Thanks for the advice.

star1
Spotlight

Hello,

 

I think you need to do that on the Object - Object Management, then find the object you need to modify and click on the pencil icon on the right-hand side, then choose range, then save the configuration and go back to policies - access control, choose the object and deploy. This should sort the problem.

 

SS
