topic Re: block ip addresses in Firewall and Security Management

block ip addresses

80fd220b-e3b5-4 — Fri, 25 Feb 2022 15:55:01 GMT

Hi Guys,

I have a couple of R81 firewalls and a management R81.10. I need to block a lot of malware ip addresses (almost 50) and I would like to know what is the best way, if creating a Block Access Control Policy rule with that ip as Desination or use "Custom Policy Tools" --> "Indicators".

thanks a lot
Emiliano

Re: block ip addresses

CE_SE — Fri, 25 Feb 2022 19:21:57 GMT

See this topic for potential solution to your problem.

https://community.checkpoint.com/t5/General-Topics/Blacklisting-rogue-IPs/m-p/141123#M25006

Re: block ip addresses

the_rock — Fri, 25 Feb 2022 19:43:07 GMT

Hi Emiliano,

You can aso check out below discussion we had recently about it:

https://community.checkpoint.com/t5/Security-Gateways/BLOCK-BAD-REPUTATION-IPS-IN-A-DYNAMIC-WAY/m-p/141595#M21866

Andy

Re: block ip addresses

80fd220b-e3b5-4 — Fri, 25 Feb 2022 20:13:15 GMT

thank you all for the answer.

In my case, I have a static list of IPs, about 50, I could block the access towards them using "indicators" features, for example. Looking at your advices there are different ways to do that, but I would like to know pro and cons of them knowing I have gateway with R81.

thanks

Emiliano

Re: block ip addresses

Nüüül — Sat, 26 Feb 2022 08:11:29 GMT

In case they are changing from time to time you could use the script initially meant to Import o365 objects.
https://github.com/CheckPointSW-Community/IPaddressFeed2CheckPoint

you should just Need to put your IPList to i.e. a web server and change the source in the script(besides some variables).

Outcome is than a group with network objects you can use in policies and so on.