https://community.checkpoint.com/t5/Firewall-and-Security-Management/Autonomous-System-Number-Updatable-Object/m-p/245007#M47705 <P>Ah, very cool; will look into it.&nbsp; I assume this traffic won't be visible in the Smart Console logs and is handled at a lower level?</P><P>I don't understand this section in the SK you linked to though.&nbsp; Does this mean I can drop traffic, just not rate limit it?</P><UL><LI>SecureXL Rate Limiting rules for DoS Mitigation do not support these parameters (Known Limitation PMTR-87460):<UL><LI>cc:&lt;COUNTRY_CODE&gt;</LI><LI>asn:&lt;AUTONOMOUS_SYSTEM_NUMBER&gt;</LI></UL></LI></UL> Thu, 27 Mar 2025 16:13:28 GMT VikingsFan 2025-03-27T16:13:28Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Autonomous-System-Number-Updatable-Object/m-p/244975#M47691 <P>Have a need come up where it would be useful to be able to import an AS Number that gets updated automatically.&nbsp; A specific AS number is just sending us garbage constantly and we want to block all 200,000+ IPs from it.&nbsp; Wasn't sure if there was anything that I missed for doing that?</P><P>For now, I'm scraping all the subnets from a place like&nbsp;<A href="https://www.ip2location.com/" target="_blank">https://www.ip2location.com/</A>&nbsp;and putting them in a network feed flat file.&nbsp; It should work but it's not dynamic.</P><P>Thanks!</P> Thu, 27 Mar 2025 11:54:22 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Autonomous-System-Number-Updatable-Object/m-p/244975#M47691 VikingsFan 2025-03-27T11:54:22Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Autonomous-System-Number-Updatable-Object/m-p/245004#M47703 <P>You can refer to a specific AS with fwaccel dos and effectively block the traffic:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk112454" target="_blank">https://support.checkpoint.com/results/sk/sk112454</A>&nbsp;<BR />Not sure there is an Updatable Object with this information, unfortunately.</P> Thu, 27 Mar 2025 15:36:14 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Autonomous-System-Number-Updatable-Object/m-p/245004#M47703 PhoneBoy 2025-03-27T15:36:14Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Autonomous-System-Number-Updatable-Object/m-p/245007#M47705 <P>Ah, very cool; will look into it.&nbsp; I assume this traffic won't be visible in the Smart Console logs and is handled at a lower level?</P><P>I don't understand this section in the SK you linked to though.&nbsp; Does this mean I can drop traffic, just not rate limit it?</P><UL><LI>SecureXL Rate Limiting rules for DoS Mitigation do not support these parameters (Known Limitation PMTR-87460):<UL><LI>cc:&lt;COUNTRY_CODE&gt;</LI><LI>asn:&lt;AUTONOMOUS_SYSTEM_NUMBER&gt;</LI></UL></LI></UL> Thu, 27 Mar 2025 16:13:28 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Autonomous-System-Number-Updatable-Object/m-p/245007#M47705 VikingsFan 2025-03-27T16:13:28Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Autonomous-System-Number-Updatable-Object/m-p/245018#M47706 <P>It's handled in SecureXL and I believe you can also have it generate logs in SmartConsole.<BR />Believe the limitation only applies to actual rate limiting rules as opposed to drop ones.</P> Thu, 27 Mar 2025 17:28:43 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Autonomous-System-Number-Updatable-Object/m-p/245018#M47706 PhoneBoy 2025-03-27T17:28:43Z