https://community.checkpoint.com/t5/Firewall-and-Security-Management/Problem-with-fetching-Malicious-IP-feeds-using-sk103154/m-p/101231#M10365 <P>I am using the method described in&nbsp;<SPAN>sk103154 Section 3. Not using ioc_feeds commands but scripts.&nbsp;</SPAN></P> Thu, 05 Nov 2020 15:06:49 GMT Antonis_Hassiot 2020-11-05T15:06:49Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Problem-with-fetching-Malicious-IP-feeds-using-sk103154/m-p/98991#M10363 <P>Hi,</P><P>Trying to block incoming traffic from Malicious IPs using:&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk103154" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk103154</A></P><P>This is Section [3]&nbsp; How to block traffic from custom IP feeds (managed from Management Server)</P><P>It seems to work ok for:&nbsp;<EM><A href="https://secureupdates.checkpoint.com/IP-list/TOR.txt" target="_blank">https://secureupdates.checkpoint.com/IP-list/TOR.txt</A>&nbsp;as I can see the following output on the Gateway:</EM></P><P>&nbsp;</P><P><EM>operation=add uid=&lt;5f85babb,000005d7,f102020a,0000132f&gt; target=all timeout=3575 action=drop log=log comment=threatcloud_ip_block service=any source=range:199.249.230.165 pkt-rate=0 req_type=quota<BR />operation=add uid=&lt;5f85babb,000005d9,f102020a,0000132f&gt; target=all timeout=3575 action=drop log=log comment=threatcloud_ip_block service=any source=range:199.249.230.167 pkt-rate=0 req_type=quota<BR />operation=add uid=&lt;5f85babb,000005da,f102020a,0000132f&gt; target=all timeout=3575 action=drop log=log comment=threatcloud_ip_block service=any source=range:158.69.63.54 pkt-rate=0 req_type=quota<BR /></EM></P><P>when issuing:&nbsp; fw samp get | grep threatcloud_ip_block</P><P>Subsequently I have tried adding other feeds in there, but I don't see any new rules created as above. Examples:</P><P>&nbsp;</P><P><A href="http://www.talosintelligence.com/documents/ip-blacklist" target="_blank">http://www.talosintelligence.com/documents/ip-blacklist</A></P><P><A href="https://api.blocklist.de/getlast.php?time=600" target="_blank">https://api.blocklist.de/getlast.php?time=600</A></P><P>Any idea on how to troubleshoot this?</P><P>&nbsp;</P> Tue, 13 Oct 2020 14:50:53 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Problem-with-fetching-Malicious-IP-feeds-using-sk103154/m-p/98991#M10363 Antonis_Hassiot 2020-10-13T14:50:53Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Problem-with-fetching-Malicious-IP-feeds-using-sk103154/m-p/99440#M10364 <P>Are you using ioc_feeds or something else?</P> Mon, 19 Oct 2020 01:31:04 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Problem-with-fetching-Malicious-IP-feeds-using-sk103154/m-p/99440#M10364 PhoneBoy 2020-10-19T01:31:04Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Problem-with-fetching-Malicious-IP-feeds-using-sk103154/m-p/101231#M10365 <P>I am using the method described in&nbsp;<SPAN>sk103154 Section 3. Not using ioc_feeds commands but scripts.&nbsp;</SPAN></P> Thu, 05 Nov 2020 15:06:49 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Problem-with-fetching-Malicious-IP-feeds-using-sk103154/m-p/101231#M10365 Antonis_Hassiot 2020-11-05T15:06:49Z