SonicWall

SonicOS Dynamic External Address Group Installation

Configure KDC IP and FQDN feeds as SonicOS Dynamic External Address Groups.

IntegrationDynamic External Address Group AccessPrivate IP/FQDN feed details after approval
Controlled access

Apply to use KDC's secure feed infrastructure

KDC USOM Feed Service is available only to reviewed and approved organizations. After technical review and approval, the connection IP/FQDN, port, feed URLs, and vendor-specific values are delivered through a secure channel.

View the application process
1. Requirements

Before installation

Administrative accessSonicOS Dynamic Group and access-rule administration permissions.
Source public IPThe actual public egress address used for feed access.
DNS and TLSThe KDC-provided FQDN and certificate chain must validate after approval.
Product eligibilityVerify DEAG/DEAO support and capacity limits for the appliance model and SonicOS release.
2. Supported content

Use IP and FQDN feeds

SonicOS Dynamic External Address Group files support IP addresses and FQDN records. URL-path indicators cannot be used directly in DEAG format.

3. DEAG creation

Add Dynamic External Address Groups

Use OBJECT → Match Objects → Dynamic Group → Add.

ObjectContentSource
KDC-USOM-IPIP addressesSonicWall IP DEAG URL from the KDC approval document
KDC-USOM-FQDNFQDN/domainSonicWall FQDN DEAG URL from the KDC approval document

Configure HTTPS download, certificate validation, and update interval according to the KDC approval document.

4. Application

Use DEAG objects in access rules or security policy

  • Use the IP DEAG as a source or destination address group.
  • Use the FQDN DEAG in supported policy contexts.
  • Start with limited scope and logging.
5. Verification

Check download and member state

  • Review the last download state in Dynamic Group.
  • Verify the expected number of generated DEAO members.
  • Check DEAG matches in Access Rule logs.
  • Review vendor requirements for HA deployments.
6. Troubleshooting

File not retrieved or members not created

  • Check source-IP approval, HTTPS access, and certificate chain.
  • Verify the supported IP/FQDN file format.
  • Review model-specific DEAG/DEAO capacity.
  • Inspect Zone Assignment and policy references.
7. Rollback

Remove DEAG references safely

  1. Remove Access Rule and security-policy references.
  2. Apply the policy change and review logs.
  3. Delete the unused Dynamic Group object.
Vendor KB and official documentation

SonicWall references

Before implementation, also review the official administration guide, release notes, and capacity limits for the deployed product version.

Dynamic External Objects and GroupsDEAG/DEAO kavramı ve temel yapılandırma. About the DEAG fileHTTPS/FTP kaynağındaki IP ve FQDN dosya biçimi. Adding Dynamic External ObjectsSonicOS 7.1 üzerinde DEAG ekleme. Applying Dynamic External ObjectsDEAG nesnesini access rule ve politikalarda kullanma. DEAG and DEAO MaximumsModel ve sürüme göre kapasite sınırları. SonicOS API address objectsAPI ile address object ve group işlemleri.

The KDC guide does not replace vendor documentation. Menu names, license requirements, and supported capabilities can vary by product version and model.