Our Dynamic Block List (DBL) configuration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai MDR application and we shall get it updated.
The DBL provides a maximum of 80,000 listings. This limit may be updated without notice.
Raise a Request
To continue with this configuration guide you must first raise a request via the Samurai MDR application. Add the following information within your request:
| Ticket field | Information |
|---|---|
| Title | DBL Onboarding Request for McAfee Gateway device(s) |
| Description | Add hostname and IP address (internet facing) of your McAfee Gateway(s). For example: mysecureproxy1.acme.org, 19.16*.2*.2 If enrolling multiple gateways please add the information on individual lines.* |
Submit the ticket and you will hear back from us with additional information (e.g DBL URL’s) to continue with the configuration below.
Connection Requirements
You will need to ensure your Secure Web Gateway can reach a specific URL to obtain the DBL. This information will be provided to you once subscribed.
| Parameter | Note |
|---|---|
| Connection Port | TCP / 80 |
| URL DBL | NTT will provide a unique URL to you to download the DBL URL list |
| IP DBL | NTT will provide a unique URL to you to download the DBL IP list |
Table 1: Connections requirements
From your Secure Web Gateway:
Configure the External Lists Module
Follow the steps outlined within the Skyhigh Security documentation:
Use the following parameters when completing the steps:
| Field Name | Parameter |
|---|---|
| Name | Whatever you want, however we suggest NTT_DBL |
| Data Source Type | Web Service |
| Web service’s URL | URL will be provided to you upon enablement of the add-on |
| Advanced Parameters - Maximum number of entries to fetch | 100000 |
| Advanced Parameters - Maximum size of data fetch in kb | 100000 |
Table 2: External Lists Module
Tip: To find out more information about External Lists refer to Skyhigh Security documentation About External Lists
Create a Rule
Follow the steps outlined within the Skyhigh Security documentation:
You need to configure a rule that denies access if the URL requested by the client matches the external list previously created.
Use the following parameters when completing the steps:
| Field Name | Parameter |
|---|---|
| Rule Name | Whatever you want, however we suggest ‘Block URLS that match the NTT DBL’ |
| Enable Rule | Selected |
| Rule Criteria/Apply this rule | If the following criteria is matched |
| Rule Criteria Type | URL/Host criteria |
| Filter | URL |
| Selected Operator | is in list |
| Compare with | ExtLists, StringList (String, String, String) |
| Settings | Select your external list created in Configure the External Lists Module |
| Parameters Property “Exlists.String” | 1. Placeholder ${0} Data (String) |
| Action | Block |
| Settings | URL Blocked |
Table 3: Rule creation