Managing ExternalGroups
ExternalGroups consist of any feeds external to your environment, such as Countries (from MaxMind Database), Threat Feeds (from Proofpoint Global Threat Database), and SaaS-based services such as Azure Services/Service Regions and GitHub. You can use these ExternalGroups in Distributed Cloud Firewall (DCF) rules.
If the DCF feature is disabled, ExternalGroups are not available.
You cannot have an ExternalGroup as both a source and a destination in a DCF rule. If the same public CIDR is present in a VPC/VNet and in an ExternalGroup, and the DCF rule containing this ExternalGroup is blocking traffic, the inter-VPC/VNet traffic that uses this public CIDR may get blocked as well.
SaaS-Based Services
The Azure and GitHub services are only available with Controller version 7.2.4496 and above.
- Azure Services: IP addresses of Microsoft Azure services categorized by Service and Region. For more information see https://www.microsoft.com/en-us/download/details.aspx?id=56519.
- GitHub: IP addresses of GitHub services categorized by service. For more information see https://docs.github.com/en/rest/meta?apiVersion=2022-11-28.
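The public CIDR overlap noted earlier on this page can be checked before a blocking DCF rule that references a SaaS ExternalGroup is deployed. The following is an added example, not Aviatrix code: it compares VPC/VNet CIDRs against a feed document shaped like the GitHub `/meta` response. The sample feed, the VPC/VNet names and all addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample shaped like GitHub's /meta response (documentation ranges,
# not real GitHub prefixes). Non-CIDR fields are included on purpose.
SAMPLE_META = json.loads("""{
  "verifiable_password_authentication": false,
  "ssh_keys": ["ssh-ed25519 CONSTRUCTED-PLACEHOLDER"],
  "hooks": ["192.0.2.0/24", "2001:db8:1::/48"],
  "git": ["198.51.100.0/25", "203.0.113.0/24"]
}""")

# Constructed VPC/VNet CIDRs with hypothetical names; two use non-private space.
SAMPLE_VPCS = {
    "vpc-prod": "10.20.0.0/16",
    "vnet-legacy": "198.51.100.64/26",
    "vpc-v6": "2001:db8:1:ff00::/56",
}


def feed_networks(meta):
    """Yield (service, network) for each parseable CIDR in the feed."""
    for service, value in meta.items():
        if not isinstance(value, list):
            continue  # scalar or object metadata, not a prefix list
        for cidr in value:
            try:
                yield service, ipaddress.ip_network(cidr, strict=False)
            except (ValueError, TypeError):
                continue  # e.g. ssh_keys entries; skip instead of aborting


def find_overlaps(vpcs, meta):
    """Return sorted (vpc, vpc_cidr, service, feed_cidr) tuples that overlap."""
    feed = list(feed_networks(meta))
    hits = []
    for name, cidr in vpcs.items():
        vpc_net = ipaddress.ip_network(cidr, strict=False)
        for service, net in feed:
            # Compare IPv4 with IPv4 and IPv6 with IPv6 only.
            if net.version == vpc_net.version and net.overlaps(vpc_net):
                hits.append((name, str(vpc_net), service, str(net)))
    return sorted(hits)


if __name__ == "__main__":
    for hit in find_overlaps(SAMPLE_VPCS, SAMPLE_META):
        print("%s (%s) overlaps %s prefix %s" % hit)
```

Any VPC/VNet reported here shares address space with the feed, so its inter-VPC/VNet traffic is a candidate for being caught by a rule that blocks that ExternalGroup.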
Threat Feeds
If the Distributed Cloud Firewall (DCF) feature is disabled, the Threat Feeds are not available.
The Default ThreatGroup can be used in DCF rules to ensure that traffic meeting the ThreatGroup criteria is blocked. When traffic triggers that rule, its DCF rule references are shown on the Groups > ExternalGroups tab.
The Default ThreatGroup is regularly updated with data from the Proofpoint Global Threat Database.
Countries
The Groups > ExternalGroups > Countries sub-tab displays countries. Click on the name of a country to show its details and rule references.