04-12-2022 11:04 AM
04-13-2022 02:24 PM - edited 04-13-2022 02:30 PM
We created to object groups of IP addresses and then bundled that into a single object group.
That object group gets assigned to a policy for the devices.
When you say your uploading a text file you create a notepad version of all your IP's you want in and upload that to the FMC via AMP or Intelligence?
I did some google foo and found this.
It's the last entry for this thread.
05-03-2022 11:31 AM
Sorry for the late reply, but this procedure that you suggested is exactly what we do. The problem is that after updating our FMC to 7.0.1.1, whenever we update our List with new IPs, FMC doesn't detect that there has been changes to our policies, therefore, we can't deploy the changes.
The only workaround we have right now is creating a whole new list and manually activating it it at Security Intelligence everytime we want to add something, instead of updating the current one, but that is too much time-consuming compared to how it used to be.
10-09-2023 10:56 PM
Hello All,
I am facing the same issue on FMC version 7.0.6 is there a solution or workaround provided for this issue
10-10-2023 12:25 AM
IP and URL blocklists function like Security Intelligence feeds. That is, they immediately sync to managed devices without requiring a deployment.
10-10-2023 12:34 AM
Hi Marvin,
Thank you so much for your quick response.
It was not the same before(6.6.5.2), is it a new feature in 7.0 i cannot find this detail in release notes. It will be helpful if you can share any reference documents for the same.
10-10-2023 07:00 AM - edited 10-10-2023 07:05 AM
@Arvind_AR I can't find a document at the moment that specifically says so but I verified the behavior just now in my lab. I started a ping to 8.8.8.8 (success), looked for the connection in the Analysis > Connection Events and right-clicked the 8.8.8.8 destination to "Add IP to Block List".
The pings started failing and new connection events showed Block action due to IP Block Reason. Checking in Object Management under Security Intelligence, Network List and Feeds showed the Global-Block-List now has that single address in it. I removed the address and, after about 30 seconds, the pings began to succeed again.
No deployment was done at any time.
10-10-2023 08:35 AM
@Marvin Rhoads Noted, Thanks for confirming.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide