Path: Policy - Network Objects - Dynamic Network Objects
Dynamic Network Objects (DNOs) are a special version of our implementation of Network Objects that are dynamically modified by policy rules. They can be global (available for all rules) or defined and used within an Advanced Correlation scenario.
In this article, we're describing the creation of a global dynamic network object:
- From the navigation menu on the left, select Policy.
- Select Network Objects from the submenu.
- Open the Dynamic Network Objects tab.
- Click ADD GLOBAL DYNAMIC NETWORK OBJECT to create a new object.
- Enter some General information for the object:
- specify a Name,
- optionally you can enter a descriptive Note, and
- assign one or more Network Tags to the dynamic network object (see also Creating tags).
- Under Settings, configure the following:
- Under Network, select whether the object should be considered part of the Internal network.
- Specify the Size of the object list (e.g. 100 entries).
- Set a Timeout greater than 0 after which entries will be removed automatically (e.g. 60 sec x 60 x 24 x 7 = 604,800 sec = 1 week). If you set the timout to 0, the entries will not be automatically removed from the DNO.
- Optional: If there are hosts you want to include in the list from the beginning or after applying the configuration, enter their IP addresses under Forced Includes. These entries will be handled as any other object of the list. They will be removed by timeout or by a rule with the delete action for dynamic network objects.
- Optional: To define exceptions, you can also exclude IP and MAC addresses from the DNO.
An example DNO for "All test clients" in the network may look like this:
For further information on network segmentation, see the Threat Defender documentation.