To add a large number of hosts to a Host Group, follow the steps below:
Log into the SEPM management console.
Click Policies and expand Policy Components
Create a Host Group giving it a unique name then add a couple unique host entries of the type(s) needed (i.e. DNS host, IP address, etc.), click OK to save the Host Group
Switch the Firewall Policy section and create a new Firewall policy
Under Windows Settings > Rules double-click on the cell for any rule under the Host column
Check the box to enable the Host Group you created in step 3, then click OK to save the rule edit
Click OK in the Firewall policy to save the changes
Right-click on the new Firewall policy and select Export...
Specify a location to save the .dat and click Export
Open File Explorer and navigate to the location you saved the exported Firewall policy
Rename the policy from xxxxx.dat to xxxxx.zip then extract the main.xml file from within the newly renamed .zip file
Note: If you have a zip utility, such as 7zip installed you can just right-click on the .dat and choose extract here
Open the main.xml file and locate the fwhostcontainer section that contains your added host entries. Example: <fwhostcontainer _d="false" _i="FB4846A4C0A8026405A213E7C8A35826" _t="1569607143916" _v="4"> <ipaddress _d="false" _i="97027BB9C0A8026405A213E783745119" _t="1569607136663" _v="3">220.127.116.11</ipaddress> <dnsdomain _d="false" _i="79329FA5C0A8026405A213E746499609" _t="1569607143909" _v="3">www.abc.com</dnsdomain> </fwhostcontainer>
Copy and paste the XML contents to an empty Notepad document
Then launch and create a new Excel document
Enter into column B all of the host information needed. Example: 18.104.22.168 www.abc.com
Then copy and paste the beginning XML tag to column A, to match the entry types. Example: <ipaddress _d="false" _i="97027BB9C0A8026405A213E783745119" _t="1569607136663" _v="3">22.214.171.124</ipaddress> <dnsdomain _d="false" _i="79329FA5C0A8026405A213E746499609" _t="1569607143909" _v="3">www.abc.com</dnsdomain>
Lastly, add the XML tag to column C. Example: </ipaddress> </dnsdomain>
Continue to fill in columns A and C with the appropriate XML tags
Select all the rows in column A, B and C and copy/paste them into a blank Notepad document
Copy the 'tab' field, then use the Edit > Replace feature to replace all 'tab' fields with empty strings
Once all the tabs characters are replaced select all the XML and copy/paste back into the main.xml file
Save main.xml then zip up the file
Rename the file, changing the file extension from a .zip to a .dat
Back in the SEP Manager under the Policies > Firewall Policies view, delete the temporary Firewall policy created in step 4
Under Tasks, choose Import Policy and navigate to and select the newly created .dat
When prompted that the Host Group already exists choose the "Overwrite existing policy" option and click OK
The Host Group is now updated with the additional entries added and can be used where appropriate.
Important Note: There is a known limitation with regards to editing the host group entries after performing this procedure. Due to how this procedure works, the _i value gets duplicated and any subsequent edits made to entries in this Host Group within the SEP Manager will occur against the first entry in the host group list. To avoid this issue, avoid editing the Host Group entries in the SEP Manager interface, or if editing is necessary, when performing step 15 ensure that the _i values for each line is made unique.
Rules for editing the _i value: It is a 24 character hex value. See below.
The first and last 8 hex numbers are from a random Integer. These can be edited to be unique hexadecimal characters for each entry.
The middle 16 characters should all be the same when performing the above procedure.
In the below example I show the first, middle and last sections broken out. The unique value edits can occur on the first and last sections only. Example _i value 91F088220A931A5D70CF51AA1FC66C28 can be broken out to 91F08822 0A931A5D70CF51AA 1FC66C28
Only the blue sections in the example should be edited for uniqueness.
Scripting methods to make the _i values unique may be employed, however Symantec support cannot provide assistance with this procedure.
Imported Document ID: TECH91252
Subscribing will provide email updates when this Article is updated. Login is required.