What is the Easiest Way to Add a Large Number of Definitions?

You need to look at the REST API, although I have not used it so I don't know what it is available for this issue.   UTM is designed to be managed through the GUI, so nothing is documented about CLI scripts.

This also seems like the arcade game of whack-a-mole.  There are 4 billion IPv4 addresses, and an almost-infinite number of IPv6 addresses, so I don't know that you can make much headway entering 250 at a time.

I also wonder how many entries you can have in your list before UTM performance collapses, either during configuration tasks or during packet processing.    Windows folders tend to became very inefficient to browse after they have 2000 entries, so I am extrapolating from bad experiences there.

Suggest you look at Country Blocking and additional RBLs to preemptively block addresses that you do not need or do not trust.   When you do block an IP address, I would recommend blocking the /24 subnet rather than just one address.

When our staff travels overseas, they have to notify us of their current IP address, even if it changes every day.   We unblock that one address for remote access and leave the rest of the country blocked.   

All of this depends of course on your communication requirements, both incoming and outgoing.

Hello,

there is no Way via GUI. I dont think via CLI as well. Because of performance issues i would look into country blocking instead.

Regards

Jason

Thank you for replying

Well, this is very disappointing that this cannot be done with CLI. I have worked with Cisco ASA and Fortigate firewalls and I used to use cli for bulk configuration which saved me centuries of time

Also, I'v already enabled country blocking based on cyber security requirements in our company but, the wanted IP addresses are randomly scattered around the world

Ahlan and welcome to the UTM Community!

The problem one has when learning a new metaphor is that it's hard to ask the right questions.

I don't believe that one needs to do this when using the Sophos UTM, but that assumes that the UTM is otherwise well configured.  Show us 10 or 20 IPs and tell us what threat you want to avoid.

Cheers - Bob

One option is to put an ASA device in front of your UTM.   It is not a particularly expensive device in a basic configuration.   Since you already have the scripting ready to go, the savings in your labor and the ability to respond quickly should be enough to justify the purchase.

Thank you bob

Actually, I was shocked when I started dealing with Sophos when I found that it lacks granularity and ease of control as some other firewall that I have dealt with. That's why I am having crazy troubles with Sophos

Anyway, these request come from a government entity to instruct the related companies to block the IP addresses they mention. And I have no idea what are the threats behind those IP addresses. Here is a sample of the IP addresses if that would help you helping me:

95.186.166.41
93.168.124.122
73.53.94.104
60.214.107.239
51.39.94.15
5.82.12.140
46.38.79.34
41.69.202.18
37.99.190.7
31.205.76.244
23.233.190.28
212.12.178.90
200.98.144.53
2.89.209.41
198.36.39.184
176.241.185.65
151.38.159.130
146.251.87.68
139.199.23.185
132.232.148.138
129.208.18.11
107.184.226.83

Thank you for your time

Well that's a good idea Douglas

In that that case I would feel like I have a Sophos UTM + a real firewall to accomplish firewall work lol

Actually, there is a Cisco router. I will see if I can use it as a zone based firewall in this case

Thank you Douglas

UTM is not a traditional firewall, and Sophos has been careful not to put the word "firewall" in its name.   However, it can be used effectively as a firewall if you have a knowledgeable person who understands the nuances of making its unique architecture work as an equivalent to a firewall.    Lack of that knowledge (some of which is not in the manual but is on this forum) can also create unwanted risks.  I use UTM in bridge mode behind an ASA.  This configuration works very well for me, providing protections that may ASA does not.

Exactly

Unlike Cisco, Fortinet, and, some other vendors, there is a lot of difficulty to find Sophos proper documentations for many aspects. AN that forces the customers to be constrained with Sophos support. Everything will be different if there is a solid organised knowledge based web pages like Cisco for an instance

For your scenario, you are using a Sophos UTM and an ASA firewall which Fortigate firewalls(UTMs) can handle all of that for you in only one appliance. I think this is what UTM vendors must focus on. And that is to provide a really unified solution that saves time and equipment

Exactly

Unlike Cisco, Fortinet, and, some other vendors, there is a lot of difficulty to find Sophos proper documentations for many aspects. AN that forces the customers to be constrained with Sophos support. Everything will be different if there is a solid organised knowledge based web pages like Cisco for an instance

For your scenario, you are using a Sophos UTM and an ASA firewall which Fortigate firewalls(UTMs) can handle all of that for you in only one appliance. I think this is what UTM vendors must focus on. And that is to provide a really unified solution that saves time and equipment