What have you found to be the work effort involved and how did it work out? Is this likely to be used often or just in some specific cases?
I guess maybe she's talking about the dynamic object feature introduced in 5.0. Haven't used it myself, but it's useful for installations where you have ip addresses that changes a lot. An example could be data centers where virtual machines are moving around. So it's not really used a lot in most installations, but it's a nice feature. You can feed the dynamic object with the API.
We have looked at the feature in 5.0 in our test lab and see a real opportunity to use it when we migrate our production boxes shortly. Often we get a list of IP addresses that are related to bot-nets and it is suggested to block those destinations or at least track or alert if traffic goes there. This is great if you have a small number of IP addresses but if you have hundreds it can be challenging using scripts to modify PA rules. Here is where the dynamic objects would be used to pull in hundreds of IP address into a group to be used in a rule.
Additionally you could extract data out of your spam gateway (top spam senders or other bad traffic senders) and put it in a text file to be pulled into a group object on a regular basis. The ability to easily modify a text file of IP address and have them easily used by the firewall is a quite useful. The text file has to reside on a web server (could even be your desktop).
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!