How to apply security policy over more than 200k public IP? (EDL? API?,...)

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to apply security policy over more than 200k public IP? (EDL? API?,...)

L1 Bithead

Helo,

 

we have started a plan for a new project. I have created a picture, so you can see, what I acutally mean :).

 

User will via some customer portal setup a new broadband link. He will be able to choose if the broadband should be secured and by several levels - TP, URL, DNS, WF,...


If he choose the security level and confirm it, the customer portal will generate an IP address, which needs to be somehow send to the PAN FW.pict.png

We thought to use the EDL, but there is a some 50k / 150k records limitation. There is an expectations of about 200-400k public IP addresses. 
Do you have any idea, how we can handle it? We were thinking about some source objects via API, but still looking for some hints.

Thank you.

 

7 REPLIES 7

L5 Sessionator

You are describing the exact use case of dynamic address groups. See more here

Help the community! Add tags & mark solutions please.

DAGs are how our airline companies allow just entertainment (shows/movies) or just imessage, and then allow more after you purchase their extended wifi package. FYI

Help the community! Add tags & mark solutions please.

Hi, but DAGs have limitations about 150k on 52XX series? We are talking here about 200-400k... 
I am almost pretty sure that we would have to combine it with the LDAP

Hello,

Can user-id be used instead of IP's? This way you can use Active Directory groups instead.

 

Just a thought.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!