SonicWall Firewall Simplified Out-of-the-Box Response Integration

Requirements

  • SonicWall Firewall
    • SonicWall Operating System 6.5 or 7
      For SonicOS 6.5, the integration is tested with SonicOS 6.5.4.5-53n or above. Please follow the instructions in the corresponding section to deploy it.
  • Lumu License
    • Lumu Defender subscription

Add Integration

1. Log in to your Lumu account through the Lumu Portal and navigate to the integrations screen.

2. Locate the SonicWall Next-Gen FW integration in the available apps area and click to add, then click to view details.


3. Familiarize yourself with the integration details available in the app description and click the button below to activate the integration.


4. To activate the integration, you need to select one of the two Integration modes. The one that corresponds to SonicWall Firewall is the Simplified one. Add a description and select the threat types you want to include.


5. If you want to generate a blocklist of IP addresses, you must select the option.


6. Once you create the integration, you will be provided with the Integration URL.


Once the integration is activated, the Dynamic External Objects/Groups section will be updated with confirmed compromises found by Lumu within the preceding 3 days.

Configure SonicWall: SonicOS 7 Classic

Start by opening the SonicWall platform:


When it opens, you will see the Home screen with all registered activity. Go to the Object option, where you can register a Dynamic External Address Group linked to an external database that feeds your firewall with the malicious indicators detected by Lumu.




You will see the following options in the Object Window. Select the Match Objects/Dynamic Group option.




To add a new Dynamic External Address Group, follow these steps:

1. Set the name of your preference.

2. Set the Type field to Address Group, with no other options.

3. In the Zone Assignment option, select the zone most appropriate for your firewall network.

4. Remember that Lumu will create two lists for you, one with domains and the other with IPs. If you are creating the Dynamic External Address Group for the domains list, enable the FQDN option. If you are creating the Dynamic External Address Group for the IPs list, you do not need to enable this option.

5. To stay synchronized with the Lumu list, select Enable Periodic Download and choose the download interval of your preference.

6. Select HTTPS from the Protocol drop-down list.

7. Paste the Lumu list URL into the URL field.

8. Click on save.



To use the Dynamic External Address Group in a policy that controls and manages network traffic, go to the Policy option, then to Rules and Policies/Security Policy.




You can add a new rule with the Dynamic External Address Group either above or below the existing ones, depending on how you want to set up the network traffic. To add a new rule, follow these steps:

1. Set the name of your preference.

2. You can provide a short description of your access rule in the Description area.

3. Select an Action, whether to Allow, Deny, or Discard access.

a. Allow - As long as the Enable option is selected, your access rule is active.

b. Deny - The firewall denies all connections matching this rule, blocks the page specified, and the action profile is served for web traffic. The firewall also resets the connections on both sides.

c. Discard - The firewall silently drops any packets matching this rule.

4. Specify the type in the IP Version, IPv4 or IPv6.

5. Specify when the rule is applied by selecting a schedule from the Schedule drop-down menu. If the rule should always be applied, select Always. If the schedule you want is not listed in the drop-down menu, click the pencil icon to the right of the menu and create a New Schedule Object.

6. Add the Dynamic External Address Group created earlier under Source/Destination > Destination > Address.

7. Finally, click on save.




Configure SonicWall: SonicOS 6.5


Start by opening the SonicWall platform. From the main screen, navigate to the MANAGE | Policies | Objects > Dynamic External Objects page. Then click the Add button. The Add Dynamic External Objects dialog is displayed.


To add a new Dynamic External Address Group, follow these steps:

1. Set the Type field to Address Group, with no other options.
2. Set the name of your preference.
3. In the Zone Assignment option, select the zone most appropriate for your firewall network.
4. Remember that Lumu will create two lists for you, one with domains and the other with IPs. If you are creating the Dynamic External Address Group for the domains list, enable the FQDN option. If you are creating the Dynamic External Address Group for the IPs list, you do not need to enable this option.
5. To stay synchronized with the Lumu list, select Enable Periodic Download and choose the download interval of your preference.
6. Select HTTPS from the Protocol drop-down list.
7. Paste the Lumu list URL into the URL field.
8. Click on save.

If you are working with SonicOS 6.5.4.5-53n or above, you need to change the scheme of the Lumu URL to http before pasting it. For detailed information, read the SonicWall Community - DEAG Implementation forum.

Remember to use the Dynamic External Address Group within your Firewall rules.
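
A pre-deployment check for step 4 of both procedures above, as an added example (not Lumu or SonicWall code): it classifies a downloaded list so you know whether the group needs the FQDN option, and flags internal addresses before the group is used in a Deny or Discard rule. The one-entry-per-line format, the function names and the sample lists are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: the list is plain text, one indicator per line, '#' starts a comment.
FQDN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+"
    r"[a-z][a-z0-9-]{0,61}[a-z0-9]$",
    re.IGNORECASE,
)
# Ranges a blocking rule should never match: RFC 1918, loopback, link-local.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "::1/128", "fe80::/10")]

def classify(entry):
    """Return ('ip', network), ('fqdn', None) or ('invalid', None)."""
    try:
        return "ip", ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return ("fqdn" if FQDN_RE.match(entry) else "invalid"), None

def audit_feed(text):
    """Summarise a downloaded list before it is attached to a firewall rule."""
    report = {"ip": [], "fqdn": [], "invalid": [], "internal": []}
    for raw in text.splitlines():
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue
        kind, net = classify(entry)
        report[kind].append(entry)
        if net is not None and any(
                net.version == n.version and net.overlaps(n) for n in INTERNAL):
            report["internal"].append(entry)
    if report["ip"] and report["fqdn"]:
        report["fqdn_option"] = "mixed list: use one group per list type"
    elif report["fqdn"]:
        report["fqdn_option"] = "enable FQDN"
    elif report["ip"]:
        report["fqdn_option"] = "leave FQDN disabled"
    else:
        report["fqdn_option"] = "empty list: nothing to load"
    return report

# Constructed sample lists (documentation ranges and example domains).
SAMPLE_IP_LIST = "# ips\n198.51.100.7\n203.0.113.25\n10.0.0.5\n"
SAMPLE_DOMAIN_LIST = "malware.example.com\nc2.example.net\nbad_host\n"

if __name__ == "__main__":
    for name, text in (("ips", SAMPLE_IP_LIST), ("domains", SAMPLE_DOMAIN_LIST)):
        print(name, audit_feed(text))
```

Any entry reported under `internal` or `invalid` is worth reviewing before the group is referenced in a rule.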
