1. Log in to your Lumu account through the Lumu Portal and navigate to the integrations screen.
2. Locate the SonicWall Next-Gen FW integration in the available apps area and click to add, then click to view details.
3. Familiarize yourself with the integration details available in the app description and click the button below to activate the integration.
4. To activate the integration, you need to select one of the two Integration modes. The one that corresponds to SonicWall Firewall is the Simplified one. Add a description and select the threat types you want to include.
5. If you want to generate a blocklist of IP addresses, you must select the option.
6. Once you create the integration, you will be provided with the Integration URL.
Once the integration is activated, the Dynamic External Objects/Groups section will be updated with confirmed compromises found by Lumu within the preceding 3 days.
Start by opening the SonicWall platform:
When it opens, you will see the Home screen, with all registered activity. Go into the Object option, in which you are going to be able to register Dynamic External Address Group with an external database that will feed your Firewall with malicious indicators gotten by Lumu.
You will see the following options in the Object Window. Select the Match Objects/Dynamic Group option.
To add a new Dynamic External Address Group , you will need to follow the next steps:
1. Set the name of your preference.
2. Set the Type field to Address Group, with no other options.
3. In the Zone Assignment option, select the most appropriate for your Firewall Network.
4. Remember that Lumu will create two lists for you, one with domains and the other with IPs. If you are creating the Dynamic External Address Group for the domains list, do not forget to enable the option FQDN. If you are creating the Dynamic External Address Group for the IPs list, you do not need to enable this option.
5. To keep synchronicity with the Lumu list, select the Enable Periodic Download, and choose the download interval of your preference.
6. Select HTTPS from the Protocol drop-down list.7. Paste the Lumu list on the URL option.
8. Click on save.
To add the Dynamic External Address Group in the policy to control and manage network traffic, you need to go to the Policy option. Go to the Rules and Policies/Security Policy.
You can add a new Rule with the Dynamic External Address Group, either above or below, depending on how you want to set up the network traffic. If you are adding a new one, you will need to follow the next steps:
1. Set the name of your preference.
2. You can provide a short description of your access rule in the Description area.
3. Select an Action, whether to Allow, Deny, or Discard access.
a. Allow - As long as the Enable option is selected, your access rule is active.
b. Deny - The firewall denies all connections matching this rule, blocks the page specified, and the action profile is served for web traffic. The firewall also resets the connections on both sides.
c. Discard - Firewall silently drops any packets matching this rule
4. Specify the type in the IP Version, IPv4 or IPv6.
5. Specify when the rule is applied by selecting a schedule from the Schedule drop-down menu. If the rule is always applied On, select Always. If the schedule you want is not listed in the drop-down menu, click the pencil icon to the right of the menu and create a New Schedule Object.
6. Add the Dynamic External Address Group that we created before in the Source/Destination > Destination > Address.
7. Finally, click on save.
1. Set the Type field to Address Group, with no other options.
2. Set the name of your preference.
3. In the Zone Assignment option, select the most appropriate for your Firewall Network.
4. Remember that Lumu will create two lists for you, one with domains and the other with IPs. If you are creating the Dynamic External Address Group for the domains list, do not forget to enable the option FQDN. If you are creating the Dynamic External Address Group for the IPs list, you do not need to enable this option.
5. To keep synchronicity with the Lumu list, select the Enable Periodic Download, and choose the download interval of your preference.
6. Select HTTPS from the Protocol drop-down list7. Paste the Lumu list on the URL option.
8. Click on save.
Remember to use the Dynamic External Address Group within your Firewall rules.If you are working with SonicOS 6.5.4.5-53n or above, you need to change the scheme of the Lumu URL to http before pasting it. For detailed information, read the SonicWall Community - DEAG Implementation forum.