Custom Security Intelligence Lists
Security Intelligence lists are simple static lists of IP addresses and address blocks, URLs, or domain names that you manually upload to the system. Custom lists are useful if you want to augment and fine-tune feeds or one of the global lists for the devices managed by a single Secure Firewall Management Center.
For example, if a reputable feed improperly blocks your access to vital resources but is overall useful to your organization, you can create a custom Do Not Block list that contains only the improperly classified IP addresses, rather than removing the IP address feed object from the access control policy’s Block list.
Note | You cannot add address blocks to a Block or Do Not Block list using a |
Regarding list entry formatting, note the following:
- Netmasks for address blocks can be integers from 0 to 32 or 0 to 128, for IPv4 and IPv6, respectively.
- Unicode in domain names must be encoded in Punycode format, and is case-insensitive.
- Characters in domain names are case-insensitive.
- Unicode in URLs should be encoded in percent-encoding format.
- Characters in URL subdirectories are case-sensitive.
- List entries that start with the pound sign (#) are treated as comments.
- See additional formatting requirements at Custom Lists and Feeds: Requirements.
Regarding matching list entries, note the following:
- The system matches sub-level domains if a higher-level domain exists in a URL or DNS list. For example, if you add example.com to a DNS list, the system matches both www.example.com and test.example.com.
- The system does not perform DNS lookups (forward or reverse) on DNS or URL list entries. For example, if you add http://192.168.0.2 to a URL list, and it resolves to http://www.example.com, the system only matches http://192.168.0.2, not http://www.example.com.
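The formatting and matching rules above can be checked before a list is uploaded. The following Python sketch is an added example, not Cisco code: it validates network entries, normalizes DNS entries, and models the sub-level domain match. All function names and the sample list are constructed for illustration.

```python
import ipaddress

# Constructed sample list contents, not taken from any real feed.
SAMPLE_DNS_LIST = """\
# domains misclassified by an upstream feed (constructed)
Example.COM
b\u00fccher.example
"""

def _entry(line):
    """Strip whitespace; return None for blank lines and # comments."""
    text = line.strip()
    return None if not text or text.startswith("#") else text

def check_network_entry(line):
    """Validate an IP or address block; the prefix must be 0-32 (IPv4) or 0-128 (IPv6)."""
    text = _entry(line)
    if text is None:
        return None
    # ip_network raises ValueError for a bad address or an out-of-range prefix.
    ipaddress.ip_network(text, strict=False)
    return text

def normalize_domain_entry(line):
    """Punycode-encode Unicode labels and lowercase the result."""
    text = _entry(line)
    if text is None:
        return None
    # The stdlib "idna" codec implements IDNA 2003.
    return text.encode("idna").decode("ascii").lower()

def load_dns_list(text):
    """Return the set of normalized, non-comment entries."""
    entries = (normalize_domain_entry(line) for line in text.splitlines())
    return {e for e in entries if e is not None}

def dns_list_matches(hostname, entries):
    """Model of the documented rule: an entry matches itself and its sub-level domains.
    Comparing whole labels is an assumption of this sketch."""
    labels = normalize_domain_entry(hostname).rstrip(".").split(".")
    return any(".".join(labels[i:]) in entries for i in range(len(labels)))
```

Because the system performs no DNS lookups on list entries, the matcher compares names only and never resolves them.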