topic Re: Step by step guide for penalty box R82 and R81.20 in Firewall and Security Management https://community.checkpoint.com/t5/Firewall-and-Security-Management/Step-by-step-guide-for-penalty-box-R82-and-R81-20/m-p/276610#M105268 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/73547">@Lesley</a>,&nbsp;great job!</P> Wed, 06 May 2026 19:52:06 GMT _Val_ 2026-05-06T19:52:06Z Step by step guide for penalty box R82 and R81.20 https://community.checkpoint.com/t5/Firewall-and-Security-Management/Step-by-step-guide-for-penalty-box-R82-and-R81-20/m-p/276593#M105262 <H1>Penalty box for R81.20</H1> <P><BR />R81.20 reference guide:<BR /><BR /><A href="https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_CLI_ReferenceGuide/Content/Topics-CLIG/PTG/SecureXL/fwaccel-dos-pbox.htm" target="_blank" rel="noopener">https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_CLI_ReferenceGuide/Content/Topics-CLIG/PTG/SecureXL/fwaccel-dos-pbox.htm</A><BR /><BR />Important SK for R81.20: <A href="https://support.checkpoint.com/results/sk/sk112454" target="_blank" rel="noopener">https://support.checkpoint.com/results/sk/sk112454</A><BR /><BR /></P> <PRE>fwaccel dos pbox allow -a 10.0.0.0/8</PRE> <P><BR />Add the ranges you wish that will not be blocked by the pbox. This should always be the first step.<BR /><BR /></P> <PRE>fwaccel dos pbox allow -s</PRE> <P><BR />Check if the whitelist is correct. Make sure all IP ranges that you want to whitelist from this feature are on this list.<BR /><BR /></P> <PRE>fwaccel dos pbox -M on</PRE> <P><BR />With this you enable the monitor only mode (no drops). If you set -M off it will change to drop mode depending if pbox is enabled (see command below)<BR /><BR />I advise to start couple days in monitor mode and keep a close eye on traffic logs. Make sure to enable the pbox and before that set in -M on mode then only pbox is active in monitor mode.<BR /><BR /></P> <PRE>fwaccel dos config set --enable-pbox</PRE> <P><BR />Enable the pbox<BR /><BR /></P> <PRE>fwaccel dos config set --enable-log-pbox</PRE> <P><BR />Enable pbox logs.<BR /><BR /></P> <PRE>fwaccel dos config set --pbox-rate 1000</PRE> <P><BR />You can change the default value from 500 to 1000.<BR /><BR /></P> <PRE>fwaccel dos config set --pbox-tmo 300</PRE> <P><BR />Configure how long a bad IP will be on the pbox timeout bench<BR /><BR /></P> <PRE>fwaccel dos config set --notif-rate 10</PRE> <P><BR />Change the default value of 100 to 10. Penalty box will log maximum 10 log entries per second.<BR /><BR /></P> <PRE>fwaccel dos config get</PRE> <P><BR />Check the config after the changes are done<BR /><BR /></P> <PRE>fwaccel tab -t dos_pbox -f</PRE> <P><BR />Check what IP’s are in the pbox<BR /><BR /></P> <PRE>fwaccel tab -t dos_pbox_violating_ips -f</PRE> <P><BR />Here you can see all the IP’s that the firewall keeps track if they will reach the --pbox-rate 1000 value<BR /><BR />Example of above command:<BR />Table: dos_pbox_violating_ips<BR />&nbsp;&nbsp;&nbsp; Total number of entries: 1453<BR />&nbsp; 47.84.X.X, Violations/Second: 18<BR />&nbsp; 91.196.X.X, Violations/Second: 12<BR />&nbsp;&nbsp;&nbsp; 69.5.X.X, Violations/Second: 1</P> <P>&nbsp;</P> <PRE>fwaccel dos stats get<BR /><FONT size="1 2 3 4 5 6 7">Firewall Instances in Aggregate:</FONT><BR /><BR /><FONT size="1 2 3 4 5 6 7">&nbsp;&nbsp;&nbsp; Memory Usage:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</FONT><BR /><FONT size="1 2 3 4 5 6 7">&nbsp;&nbsp;&nbsp; Total Active Connections:&nbsp; (FW connection limiting inactive)</FONT><BR /><FONT size="1 2 3 4 5 6 7">&nbsp;&nbsp;&nbsp; New Connections/Second:&nbsp;&nbsp;&nbsp; (FW connection limiting inactive)</FONT><BR /><FONT size="1 2 3 4 5 6 7">&nbsp;&nbsp;&nbsp; Number of Elements in Tables:</FONT><BR /><FONT size="1 2 3 4 5 6 7">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <STRONG>Penalty Box Violating IPs:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1914</STRONG></FONT><BR /><FONT size="1 2 3 4 5 6 7">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Rate Limit Source Only Tracks:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0</FONT><BR /><FONT size="1 2 3 4 5 6 7">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Rate Limit Source and Service Tracks:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0</FONT><BR /><FONT size="1 2 3 4 5 6 7">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Rate Limit Dest Only Tracks:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0</FONT><BR /><FONT size="1 2 3 4 5 6 7">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Rate Limit Dest and Service Tracks:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0</FONT><BR /><FONT size="1 2 3 4 5 6 7">SecureXL:</FONT><BR /><FONT size="1 2 3 4 5 6 7">&nbsp;&nbsp;&nbsp; Memory Usage:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</FONT><BR /><FONT size="1 2 3 4 5 6 7">&nbsp;&nbsp;&nbsp; Packets/Second:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (rate limiting inactive)</FONT><BR /><FONT size="1 2 3 4 5 6 7">&nbsp;&nbsp;&nbsp; Bytes/Second:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (rate limiting inactive)</FONT><BR /><FONT size="1 2 3 4 5 6 7">&nbsp;&nbsp;&nbsp; Reasons <STRONG>Packets Dropped</STRONG>:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <STRONG>Monitored Only</STRONG>:</FONT><BR /><FONT size="1 2 3 4 5 6 7">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; IP Fragment:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0</FONT><BR /><FONT size="1 2 3 4 5 6 7">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; IP Option:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0</FONT><BR /><FONT size="1 2 3 4 5 6 7">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Penalty Box:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <STRONG>311092570&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</STRONG> <STRONG>886119016</STRONG></FONT><BR /><FONT size="1 2 3 4 5 6 7">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Deny List:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0</FONT><BR /><FONT size="1 2 3 4 5 6 7">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; IOC Deny List:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0</FONT><BR /><FONT size="1 2 3 4 5 6 7">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Rate Limit:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0</FONT><BR /><FONT size="1 2 3 4 5 6 7">&nbsp;&nbsp;&nbsp; Number of Elements in Tables:</FONT><BR /><FONT size="1 2 3 4 5 6 7">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <STRONG>Penalty Box IPs:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2</STRONG></FONT><BR /><FONT size="1 2 3 4 5 6 7">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Deny List IPs:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0</FONT><BR /><FONT size="1 2 3 4 5 6 7">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; IOC Deny List IPs:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0</FONT><BR /><FONT size="1 2 3 4 5 6 7">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; IOC Monitor-Only IPs:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0</FONT><BR /><FONT size="1 2 3 4 5 6 7">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; IOC External Deny List IPs:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0</FONT><BR /><FONT size="1 2 3 4 5 6 7">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; IOC External Monitor-Only IPs:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0</FONT><BR /><FONT size="1 2 3 4 5 6 7">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Rate Limit Matches:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0</FONT><BR /><FONT size="1 2 3 4 5 6 7">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Rate Limit Source Only Tracks:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0</FONT><BR /><FONT size="1 2 3 4 5 6 7">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Rate Limit Source and Service Tracks:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0</FONT><BR /><FONT size="1 2 3 4 5 6 7">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Rate Limit Dest Only Tracks:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0</FONT><BR /><FONT size="1 2 3 4 5 6 7">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Rate Limit Dest and Service Tracks:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0</FONT></PRE> <P>Some numbers what the pbox is doing etc<BR /><BR /><BR />Make sure if file below is active to make sure changes are reboot proof! (only R81)<BR /><BR /></P> <PRE>vi $FWDIR/conf/pbox-allow-list-v4.conf</PRE> <P>&nbsp;</P> <P>User VI editor and add the ranges 10.0.0.0/8</P> <P>&nbsp;</P> <PRE>chmod +x $FWDIR/conf/pbox-allow-list-v4.conf</PRE> <P><BR /><BR />Same for the config file! Also check if all changes are in this file. Firewall will check this file after reboot.<BR /><BR /></P> <PRE>vi $FWDIR/conf/fwaccel_dos_rate_on_install</PRE> <P><BR /><BR />Example config<BR /><BR /></P> <PRE>[Expert FW:0]# fwaccel dos config get<BR />&nbsp; rate limit: enabled (without policy)<BR />&nbsp;&nbsp;&nbsp; rule cache: disabled<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; pbox: enabled<BR />&nbsp;&nbsp;&nbsp;&nbsp; deny list: disabled (without policy)<BR />&nbsp;&nbsp;&nbsp; drop frags: disabled<BR />&nbsp;&nbsp;&nbsp;&nbsp; drop opts: disabled<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; internal: disabled<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; monitor: disabled<BR />&nbsp;&nbsp;&nbsp;&nbsp; log drops: disabled<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; log pbox: enabled<BR />&nbsp;&nbsp;&nbsp; notif rate: 10 notifications/second<BR />&nbsp;&nbsp;&nbsp;&nbsp; pbox rate: 500 packets/second<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; pbox tmo: 300 seconds</PRE> <H1><BR />How to search for PBOX drops in SmartConsole.</H1> <P><BR /><BR />In config you can see 2 lines that can be adjusted for logging:<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp; log drops: disabled<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; log pbox: enabled<BR /><BR />log pbox is the first SmartConsole log entry that is made after the first the an IP is added to a PBOX.<BR /><BR />The log pbox shows all logs that occur after IP is added to pbox. notif rate parameter changes thi<BR /><BR />Screenshot how it looks in Smart Console:<BR /><BR />Log drops:<BR /><BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Lesley_0-1778076122402.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/34188i87A6EA4D8ABDAC6A/image-size/medium?v=v2&amp;px=400" role="button" title="Lesley_0-1778076122402.png" alt="Lesley_0-1778076122402.png" /></span><BR /><BR /><BR /><BR /><BR />Pbox drops: (are difficult to find, but they are there, I use these filters:<BR /><BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Lesley_1-1778076122403.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/34187i5B38A6CEB6C3DC2B/image-size/medium?v=v2&amp;px=400" role="button" title="Lesley_1-1778076122403.png" alt="Lesley_1-1778076122403.png" /></span><BR /><BR /><BR /></P> <H1>Penalty box for R82</H1> <P><BR /><BR />R82 reference guide:&nbsp;<A href="https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_CLI_ReferenceGuide/Content/Topics" target="_blank" rel="noopener">https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_CLI_ReferenceGuide/Content/Topics</A></P> <P><BR />Important SK for R82: <A href="https://support.checkpoint.com/results/sk/sk182350" target="_blank" rel="noopener">https://support.checkpoint.com/results/sk/sk182350</A><BR /><BR />For R82, config is a bit different. I pasted example config below. Also the reboot proof items you do not need to check anymore.<BR /><BR /></P> <PRE>fwaccel dos pbox allow -a 10.0.0.0/8</PRE> <P><BR />Add 10/8 to whitelist<BR /><BR /></P> <PRE>fwaccel dos pbox allow -s</PRE> <P>&nbsp;<BR />Check if above whitelist changes are done correctly</P> <PRE>fwaccel dos pbox -M on</PRE> <P><BR />Enable pbox in monitor mode<BR /><BR /></P> <PRE>fwaccel dos pbox -c</PRE> <P><BR />Check if all config is set correctly<BR /><BR /></P> <PRE>fwaccel dos pbox -E on</PRE> <P><BR />Enable pbox feature<BR /><BR /></P> <PRE>fwaccel dos pbox -G on</PRE> <P><BR />Enable pbox logs<BR /><BR /></P> <PRE>fwaccel dos pbox -P 1000</PRE> <P><BR />Change from default 500 packets to 1000<BR /><BR /></P> <PRE>fwaccel tab -t dos_pbox_violating_ips</PRE> <P><BR /><BR />Extra R82 command:</P> <PRE>fwaccel tab -t dos_ip_deny_lists</PRE> <P><BR />Note this one does <STRONG>not</STRONG> work for R82: fwaccel tab -t dos_pbox -f<BR /><BR />R82 config example:</P> <PRE>[Expert@]# fwaccel dos pbox -c<BR />Penalty Box:<BR />&nbsp;&nbsp;&nbsp; Status&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; on<BR />&nbsp;&nbsp;&nbsp; Internal Interfaces&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; off<BR />&nbsp;&nbsp;&nbsp; Monitor-Only&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; off<BR />&nbsp;&nbsp;&nbsp; Log Drops&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; on<BR />&nbsp;&nbsp;&nbsp; Max Notifications Per-Second&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1 logs/second<BR />&nbsp;&nbsp;&nbsp; Send TCP Reset&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; off<BR />&nbsp;&nbsp;&nbsp; Timeout for Blocked IPs&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 360 seconds<BR />&nbsp;&nbsp;&nbsp; Has Blocked IPs&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; yes<BR />&nbsp;&nbsp;&nbsp; Log when a new IP is blocked&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; on<BR />&nbsp;&nbsp;&nbsp; Drop rate to trigger on&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 500 packets/second</PRE> <P><BR /><BR /><BR /></P> Wed, 06 May 2026 15:29:03 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Step-by-step-guide-for-penalty-box-R82-and-R81-20/m-p/276593#M105262 Lesley 2026-05-06T15:29:03Z Re: Step by step guide for penalty box R82 and R81.20 https://community.checkpoint.com/t5/Firewall-and-Security-Management/Step-by-step-guide-for-penalty-box-R82-and-R81-20/m-p/276610#M105268 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/73547">@Lesley</a>,&nbsp;great job!</P> Wed, 06 May 2026 19:52:06 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Step-by-step-guide-for-penalty-box-R82-and-R81-20/m-p/276610#M105268 _Val_ 2026-05-06T19:52:06Z Re: Step by step guide for penalty box R82 and R81.20 https://community.checkpoint.com/t5/Firewall-and-Security-Management/Step-by-step-guide-for-penalty-box-R82-and-R81-20/m-p/276620#M105273 <P>Wow, Excellent Information!</P> Thu, 07 May 2026 06:18:22 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Step-by-step-guide-for-penalty-box-R82-and-R81-20/m-p/276620#M105273 sjni01 2026-05-07T06:18:22Z Re: Step by step guide for penalty box R82 and R81.20 https://community.checkpoint.com/t5/Firewall-and-Security-Management/Step-by-step-guide-for-penalty-box-R82-and-R81-20/m-p/276670#M105284 <P>I created a <A href="https://community.checkpoint.com/t5/SmartConsole-Extensions/Penalty-Box-Extension/m-p/276669#M757" target="_self">Penalty Box SmartConsole Extension</A> for R82+</P> Thu, 07 May 2026 22:32:29 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Step-by-step-guide-for-penalty-box-R82-and-R81-20/m-p/276670#M105284 Danny 2026-05-07T22:32:29Z