Manage ExternalGroups
ExternalGroups consist of any feeds external to your environment, such as Countries (from MaxMind Database), Threat Feeds (from Proofpoint Global Threat Database), and SaaS-based services such as Azure Services/Service Regions and GitHub. You can use these ExternalGroups in Distributed Cloud Firewall (DCF) rules.
SaaS-Based Services
| The Azure and GitHub services are only available with Controller version 7.2.4496 and above. |
-
Azure Services: IP addresses of Microsoft Azure services categorized by Service and Region. For more information see https://www.microsoft.com/en-us/download/details.aspx?id=56519.
-
GitHub: IP addresses of GitHub services categorized by service. For more information see https://docs.github.com/en/rest/meta?apiVersion=2022-11-28.
Threat Feeds
The Default ThreatGroup can be used in DCF rules to ensure that traffic meeting the ThreatGroup criteria is blocked. When traffic triggers that rule, its DCF rule references are shown on the Groups > ExternalGroups tab.
The Default ThreatGroup is regularly updated with data from the Proofpoint Global Threat Database.
Countries
The Groups > ExternalGroups > Countries sub-tab displays countries. Click on the name of a country to show its details and rule references.