https://community.checkpoint.com/t5/API-CLI-Discussion/IP-List-Enforcement-using-Identity-API/m-p/38688#M2303 <HTML><HEAD></HEAD><BODY><P>Nice work.</P><P>I see you had the same idea as me. I already use IA for blocking Tor IPs.</P><P><A class="link-titled" href="https://github.com/tkoopman/psCheckPoint/tree/master/Examples/Tor_IA" title="https://github.com/tkoopman/psCheckPoint/tree/master/Examples/Tor_IA">psCheckPoint/Examples/Tor_IA at master · tkoopman/psCheckPoint · GitHub</A></P></BODY></HTML> Thu, 15 Feb 2018 00:33:39 GMT Tim_Koopman 2018-02-15T00:33:39Z https://community.checkpoint.com/t5/API-CLI-Discussion/IP-List-Enforcement-using-Identity-API/m-p/38685#M2300 <HTML><HEAD></HEAD><BODY><P>Create Identities from an IP list (like <A href="https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist">this</A>) and enforce based on your rule base configuration. Using the Identity API will provide IP list updates without having to install policy each time an IP is added to the list. The created identities will be stored inside Access Role objects. The main use-cases for this is for IP black-listing / white-listing and is a great alternative to using fw sam.</P><P></P><P>Requirements:</P><P>- Identity Web API enabled on gateway (More on that&nbsp;<A href="https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_IdentityAwareness_AdminGuide/html_frameset.htm?topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_IdentityAwareness_AdminGuide/148503&amp;anchor=o136694">HERE</A>)</P><P>- Access Role Object in rule base and policy installed to gateway</P><P></P><P></P><P>&nbsp; &nbsp; &nbsp;<STRONG>Example Rule With Access Role Object</STRONG></P><P><IMG alt="" class="image-1 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/63036_Capture.PNG" style="width: 949px; height: 49px;" /></P><P></P><P>&nbsp; &nbsp; &nbsp;<STRONG>Running The Python Script</STRONG></P><P><IMG alt="" class="image-2 jive-image" src="/legacyfs/online/checkpoint/63037_enforcer run.PNG" style="height: 593px;" width="391" /></P><P></P><P><STRONG>&nbsp; &nbsp;PDP Table (Identity Table) Entry On the Enforcing Gateway</STRONG></P><P><STRONG>&nbsp;&nbsp;&nbsp;<IMG alt="" class="image-3 jive-image j-img-original" src="/legacyfs/online/checkpoint/63038_pdp entry.PNG" style="width: 620px; height: 279px;" /></STRONG></P></BODY></HTML> Tue, 13 Feb 2018 16:12:20 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/IP-List-Enforcement-using-Identity-API/m-p/38685#M2300 Joe_Dillig 2018-02-13T16:12:20Z https://community.checkpoint.com/t5/API-CLI-Discussion/IP-List-Enforcement-using-Identity-API/m-p/38686#M2301 <HTML><HEAD></HEAD><BODY><P>Another way to skin the cat <img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://community.checkpoint.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /></P><P>Note this is *probably* only relevant on R77.30 and above, based on the fact you're talking about the IDA API</P></BODY></HTML> Tue, 13 Feb 2018 22:52:28 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/IP-List-Enforcement-using-Identity-API/m-p/38686#M2301 PhoneBoy 2018-02-13T22:52:28Z https://community.checkpoint.com/t5/API-CLI-Discussion/IP-List-Enforcement-using-Identity-API/m-p/38687#M2302 <HTML><HEAD></HEAD><BODY><P>Correct! There are about 5+ ways I can imagine to do this same function. I have alternate versions that us 'fw sam', 'fw samp', 'run-script' etc. I like the ID API best because you don't need to install policy when you change IPs in the list. The logging is also good because you can specify details in your identity when you create it and it will show on the log in Smart Console.</P></BODY></HTML> Wed, 14 Feb 2018 14:36:54 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/IP-List-Enforcement-using-Identity-API/m-p/38687#M2302 Joe_Dillig 2018-02-14T14:36:54Z https://community.checkpoint.com/t5/API-CLI-Discussion/IP-List-Enforcement-using-Identity-API/m-p/38688#M2303 <HTML><HEAD></HEAD><BODY><P>Nice work.</P><P>I see you had the same idea as me. I already use IA for blocking Tor IPs.</P><P><A class="link-titled" href="https://github.com/tkoopman/psCheckPoint/tree/master/Examples/Tor_IA" title="https://github.com/tkoopman/psCheckPoint/tree/master/Examples/Tor_IA">psCheckPoint/Examples/Tor_IA at master · tkoopman/psCheckPoint · GitHub</A></P></BODY></HTML> Thu, 15 Feb 2018 00:33:39 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/IP-List-Enforcement-using-Identity-API/m-p/38688#M2303 Tim_Koopman 2018-02-15T00:33:39Z https://community.checkpoint.com/t5/API-CLI-Discussion/IP-List-Enforcement-using-Identity-API/m-p/73598#M4324 <P>Hi guys, once I have the script running and the sessions are being published on my GW as Identity Awareness API how can I select the Role Blacklist?</P><P>Thanks,</P> Tue, 28 Jan 2020 16:59:04 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/IP-List-Enforcement-using-Identity-API/m-p/73598#M4324 Stefano_Bucci 2020-01-28T16:59:04Z https://community.checkpoint.com/t5/API-CLI-Discussion/IP-List-Enforcement-using-Identity-API/m-p/87901#M4944 <P>Hello,&nbsp;</P><P>as nobody has answered to Stefanos question I will repeat it here: Is it sufficient to create an Access Role in SmartConsole with the same name as used for the API injection (here: Blacklist)? Or are additional steps required to use the "Blacklist" as Source or Destination in Access Rules?</P><P>&nbsp;</P><P>Thank you,</P><P>Markus</P> Wed, 10 Jun 2020 11:52:19 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/IP-List-Enforcement-using-Identity-API/m-p/87901#M4944 Markus_Hauke 2020-06-10T11:52:19Z