https://community.checkpoint.com/t5/General-Topics/Blocking-Multiple-domain-using-script-on-R81-10/m-p/194861#M32622 <P>You might find it easier to upgrade to R81.20 and put all the domains in a <A href="https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SecurityManagement_AdminGuide/Content/Topics-SECMG/Network_Feed.htm" target="_self">Network Feed</A>.<BR />This will allow you to maintain this block list without having to manipulate objects in a group or pushing policy.</P> <P>Having said that, you can script this with something like the following two commands and some looping:</P> <UL> <LI>mgmt_cli -s sid.txt add dns-domain name ".example.com" is-sub-domain false</LI> <LI>mgmt_cli -s sid.txt set group name "MyGroup" members.add ".example.com"</LI> </UL> <P>A <A href="https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/publish~v1.9%20" target="_self">publish</A> action every 100 or so iterations is recommended.</P> Wed, 11 Oct 2023 17:09:59 GMT PhoneBoy 2023-10-11T17:09:59Z https://community.checkpoint.com/t5/General-Topics/Blocking-Multiple-domain-using-script-on-R81-10/m-p/194855#M32620 <P>Hi Checkmates,<BR /><BR /><SPAN>Is there a method to efficiently block a large number of domains, such as 1000 or more, using a script in the R81.10 environment? Currently, within our network, we have access policies to block domains and we maintain a network object group where we typically list domain FQDN which we wanted to block. However, we recently received a request to block over 1000 domains, and we're looking for a way to add them in bulk to our existing network object group. Is there a script or method available for this scenario?<BR /><BR />#6200 #R81.10</SPAN></P> Wed, 11 Oct 2023 16:00:00 GMT https://community.checkpoint.com/t5/General-Topics/Blocking-Multiple-domain-using-script-on-R81-10/m-p/194855#M32620 ArsathParves1 2023-10-11T16:00:00Z https://community.checkpoint.com/t5/General-Topics/Blocking-Multiple-domain-using-script-on-R81-10/m-p/194861#M32622 <P>You might find it easier to upgrade to R81.20 and put all the domains in a <A href="https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SecurityManagement_AdminGuide/Content/Topics-SECMG/Network_Feed.htm" target="_self">Network Feed</A>.<BR />This will allow you to maintain this block list without having to manipulate objects in a group or pushing policy.</P> <P>Having said that, you can script this with something like the following two commands and some looping:</P> <UL> <LI>mgmt_cli -s sid.txt add dns-domain name ".example.com" is-sub-domain false</LI> <LI>mgmt_cli -s sid.txt set group name "MyGroup" members.add ".example.com"</LI> </UL> <P>A <A href="https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/publish~v1.9%20" target="_self">publish</A> action every 100 or so iterations is recommended.</P> Wed, 11 Oct 2023 17:09:59 GMT https://community.checkpoint.com/t5/General-Topics/Blocking-Multiple-domain-using-script-on-R81-10/m-p/194861#M32622 PhoneBoy 2023-10-11T17:09:59Z