Network Feed Objects

Introduction

A network feed object is a network object that lets you enforce feeds that are generated on external HTTP/HTTPS servers. The feed can contain IP addresses (single or ranges), domains, or both.

For example:

  • Single IP (1.1.1.1)

  • Range (1.1.1.1-2.2.2.2)

  • IP + masklen (1.1.1.1/24)

  • FQDN domain (google.com)

  • Non-FQDN domain (*.google.com)

The feed must be written in a supported format (see below). The Security Gateway fetches, parses, and updates the network feed object automatically according to the feed changes on the external source server. There is no need to install policy for the updates to take effect. You can use an external network feed object in the Access Control / HTTPS Inspection / NAT policy as a source, or a destination.

For additional information review Quantum Security Management R81.20 Administration Guide

Discussion Points

  • Use a Network Feed object to customize a private web server feed definition for IP addresses or domains.

  • The objects are automatically updated in Security Gateway without the need to install a policy.

  • Updatable Objects uses the Network Feed to strengthen the dynamic configuration ability of the Access Control policy and make it dynamic.

Goal

Demonstrate the capability of network feed object.

Instructions

Step

Instructions

1

From Jump-Server VM , Open R81.20 SmartConsole.

Log in with the credentials of the Management Server administrator:

  • User Name : admin

  • Password : Cpwins1!

2

In SmartConsole, go to the Object Explorer.

3

Click New > More > Network Object > Network Feed.

The New Network Feed window opens.

4

  1. Enter Object Name (e.g: Network_Feed_Demo).

  2. Configure Network settings:

    1. Feed URL - Configure the URL which gives access to the external server feed,

      Please copy the following URL :

      Copy 
      https://my.pingdom.com/probes/ipv4

       

    2. Leave all the default "Feed Parsing" configuration and Click on "Test Feed":

    3. Click on "Test Feed" :

    4. You should receive the following output :

    5. Click on "Close" and OK

  3. Publish the changes.

5

Use the New Network Feed object in your Access Control Rule Base:

  1. Enable Rule # 6.3

  2. Add the Network feed Object to the destination (keep all the other rule configuration 'as is') :

6

Publish Session and Install Policy on R81_20_Security_Gateway.

7

From the Jump-Server VM , Open SSH session to R81_20_Security_Gateway,

Click on the MobaXterm Shortcut : "R81.20 Gateway (admin)" :

8

Run the following command on the gateway to monitor network feeds on the Security Gateway:

dynamic_objects -efo_show

9

You Should receive the following output :

10

Select one of the IPs from the output and copy it.

11

From the Jump-Server VM , Open RDP session to the 'Windows Client' VM with the saved credentials of user : demolab-ad\bruce

Use the RDP shortcut on the desktop :

12

On the Windows-Client VM,

Open CMD and run ping command to the IP that you copy on step 10.

You should receive "Request timed out" :

13

Return to the Jump-Server VM and Open R81.20 SmartConsole and Navigate to Logs & Monitor > Logs.

14

Review the generated log matched to our Network Feed rule :