J.R. Sitman

asked on

How do you add IPs to a white-list on a SonicWall firewall

I need to add one of our vendor's IPs to our SonicWall so they are not blocked.

How?
Blue Street Tech

Hi J.R.

In what security service are they being blocked, e.g. GAV, IPS, Geo-IP/Botnet Filtering, etc.?

In any case you need to create an Address Object with their WAN IP address. Then you can add it to the security service Exclusions List. I'd recommend creating an Address Object Group after you create the Address Object, then add the Address Object to the Group and make the Group the default Exclusions List object.

Let me know if you have any other questions!
J.R. Sitman

ASKER

Can you give me step by step, please. My Firewall support guy is on vacation.
What is the model and SonicOS version...both can be found once you log in on the Status page?

How are you seeing them being blocked...logs, someone telling you? You are going to have to provide a little more info than...Need to add IP address!
TZ 215  OS 5.9.0.6-3o
ASKER CERTIFIED SOLUTION
Blue Street Tech
This solution is only available to members.
They are not being blocked. It is our Payflow account. See below for what they sent us.

We announced earlier this year our plans to provide a more robust service by introducing additional IP addresses to the Payflow production and pilot environments. To minimize potential impact, we recommend that you use Domain Name Service (DNS) host names instead of hard-coding Payflow IP addresses.
However, if you must allow particular IP addresses through your firewall or proxy servers, please review our list of Payflow IP addresses to ensure that the appropriate IPs are configured in your firewall/proxy settings by January 10, 2018.

Please review our bulletin for additional information (including potential impacts) regarding this initiative. Any changes to the schedule will be updated on the bulletin.
Ok I changed my post above to reflect that (changed Type from Host to FQDN). So this is an application that requires inbound access to your network? Do you have the FQDNs? What port/services do they require open? What networks and servers does it need to reach?

There is a lot of info needed in order to do this and I'm not sure you have it all. But if you can answer these then we can set it up!
SOLUTION
This solution is only available to members.
I don't know why I never received notice that this post had been updated. See attached for what is being required of us.

User generated image
I would use the domains in the URLs you were provided.
If nothing is being blocked then it is still unclear what you are trying to do with this vendor...

Please answer the questions from my earlier post:

  • So this is an application that requires inbound access to your network?
  • Do you have the FQDNs?
  • What port/services do they require open?
  • What networks and servers does it need to reach?
@Blue Street Tech. Yes, we used it to transmit and receive funds and run reports
I only have their IPs that I listed
They do not require a specific port. They are asking us to "Whitelist" their IPs
Needs to reach the IPs they provided
These are the most vague instructions... you have to understand.

They are asking us to "Whitelist" their IPs
If we are talking about your mail server... this would not require any more info in order to achieve but we are talking about a UTM (Unified Threat Management) device... it requires more info by default.

If nothing is being blocked why are you whitelisting anything? Are you wanting to preventatively whitelist your security services, e.g. Content Web Filtering, Gateway Antivirus, etc.? If so, do you have active licenses? You can check System > Licensing and screenshot that page. If you have the licensing I have already provided the steps to whitelist those IPs from your security services above.

If you don't know what ports need to be opened nor what internal servers need to communicate with this service you can't allow communication in your network. Outbound communication will occur by default unless you are filtering outbound traffic, in which case, again you'll need to know ports and internal servers.

Call your vendor; they aren't providing enough info.
Thanks. I reviewed both posts and believe I understand what needs to be done.
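
The vendor notice quoted in this thread recommends DNS host names over hard-coded IP addresses because the address set changes. As an added example (not part of the thread, and not SonicWall or vendor code), this script compares a hard-coded allow list with the addresses the vendor's host names resolve to; the host names, addresses and function names are constructed placeholders.

```python
import ipaddress
import socket

# Constructed sample data (documentation address ranges, placeholder host names).
ALLOW_LIST = ["198.51.100.10", "198.51.100.11", "203.0.113.0/28"]
SAMPLE_RESOLVED = {
    "payments.vendor.example": {"198.51.100.10", "198.51.100.25"},
    "reports.vendor.example": {"203.0.113.5", "2001:db8::5"},
}


def resolve(hostnames, port=443):
    """Live lookup: return {hostname: set of IP strings} from the system resolver."""
    return {
        name: {info[4][0] for info in socket.getaddrinfo(name, port, proto=socket.IPPROTO_TCP)}
        for name in hostnames
    }


def _sort_key(addr):
    # Order IPv4 before IPv6, then numerically, so mixed sets sort without errors.
    ip = ipaddress.ip_address(addr)
    return (ip.version, int(ip))


def audit(allow_entries, resolved):
    """Return (missing, stale).

    missing: {hostname: [resolved IPs that no allow-list entry covers]}
    stale:   allow-list entries that cover none of the resolved IPs
    """
    nets = {e: ipaddress.ip_network(e, strict=False) for e in allow_entries}
    used, missing = set(), {}
    for host, addrs in resolved.items():
        for addr in sorted(addrs, key=_sort_key):
            ip = ipaddress.ip_address(addr)
            hits = [e for e, n in nets.items() if ip.version == n.version and ip in n]
            used.update(hits)
            if not hits:
                missing.setdefault(host, []).append(addr)
    stale = [e for e in allow_entries if e not in used]
    return missing, stale


if __name__ == "__main__":
    missing, stale = audit(ALLOW_LIST, SAMPLE_RESOLVED)
    for host, addrs in missing.items():
        print(f"{host}: not covered by allow list: {', '.join(addrs)}")
    print("entries matching no current address:", ", ".join(stale) or "none")
```

To run it against real data, pass `resolve([...])` to `audit` instead of the sample. An entry reported as stale may simply be out of the current DNS rotation, so confirm against the vendor's published list before removing it.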