Sam Rule and "sam: Failed to enforce inhibit rules"

Hi,

I want to block an IP via SAM as described in the documentation:

how to use the web API to run the run-script

https://sc1.checkpoint.com/documents/R77/CP_R77_Gaia_AdminWebAdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_Gaia_AdminWebAdminGuide/80898

When I try to run this command on the management, I get this error:

fw sam -t 600 -i src 11.11.11.11
sam: Could not resolve firewalled object name in 'Inhibit src ip 11.11.11.11 on All'. The entire SAM request was not enforced.
sam: Failed to enforce inhibit rules

Any advice about this issue would be appreciated.


Accepted Solutions
Employee+

Re: Sam Rule and "sam: Failed to enforce inhibit rules"

Here is a working example of using fw sam inside a run-script command written in bash using curl. Note the variables and the fw sam syntax may be different for your environment. The run-script API call has an argument for "targets". The target is the Check Point device the script/command will be executed on. In this example the fw sam command is executed on my Management server ("HomeMgr"), and the management server is telling all my gateways ("-f All") to enforce this SAM rule. If you wish to use a different method you can simply translate the same parameters in the "POST -d" line below to another scripting language like mgmt_cli/python etc.

     Run Script Call
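The poster's script was shared as an image attachment, so here is an added bash/curl example of the login, run-script and logout sequence the reply describes; it is my own illustration, not the poster's attachment and not Check Point tooling. The management host, CA bundle, credentials and the target object name "HomeMgr" are placeholders, and the run-script body carries the same fw sam parameters as the thread ("-t 600 -f All -i src"); because the indicator ends up inside a command the management server executes, the example validates it as an IPv4 address first.

```shell
#!/usr/bin/env bash
# Added example, not the poster's attachment: call the Check Point Management
# API "run-script" with curl so that "fw sam" runs on the management server,
# which then pushes the SAM rule to the gateways selected with "-f".
# Placeholders to adjust: MGMT_HOST, MGMT_CA (CA bundle that signed the API
# certificate), API_USER, API_PASS and the target object name "HomeMgr".
set -eu

# Accept only a dotted-quad IPv4 address. The value is interpolated into a
# shell command that the management server executes, so an indicator copied
# from an alert or a ticket must be validated before it gets here.
is_ipv4() (
  IFS=.; set -f; count=0
  case "$1" in *.) exit 1;; esac
  for octet in $1; do
    case "$octet" in ''|*[!0-9]*|????*) exit 1;; esac
    [ "$octet" -le 255 ] || exit 1
    count=$((count + 1))
  done
  [ "$count" -eq 4 ]
)

# JSON body for /web_api/run-script: $1 = object the script runs on,
# $2 = IP to inhibit, $3 = SAM timeout in seconds, $4 = value for -f
# ("All" or one gateway object name). Same "-t ... -i src" form as the thread.
build_run_script_payload() {
  printf '{"script-name":"sam-block","script":"fw sam -t %s -f %s -i src %s","targets":["%s"]}' \
    "$3" "$4" "$2" "$1"
}

# Minimal extraction of one string field from a flat JSON reply.
json_field() { sed -n "s/.*\"$1\" *: *\"\([^\"]*\)\".*/\1/p" | head -n 1; }

# login -> run-script -> logout. run-script needs no publish; it returns a
# task-id that show-task can poll for the script's exit code and output.
run_sam_block() {
  local ip="$1" timeout="${2:-600}" enforce_on="${3:-All}" target="${4:-HomeMgr}"
  is_ipv4 "$ip" || { echo "refusing to build an fw sam command from '$ip'" >&2; return 1; }
  local base="https://${MGMT_HOST}/web_api" ctype='Content-Type: application/json' sid=
  sid=$(curl -sS --cacert "$MGMT_CA" -X POST "$base/login" -H "$ctype" \
          -d "{\"user\":\"$API_USER\",\"password\":\"$API_PASS\"}" | json_field sid)
  [ -n "$sid" ] || { echo "login failed" >&2; return 1; }
  curl -sS --cacert "$MGMT_CA" -X POST "$base/run-script" -H "$ctype" -H "X-chkp-sid: $sid" \
       -d "$(build_run_script_payload "$target" "$ip" "$timeout" "$enforce_on")" | json_field task-id
  curl -sS --cacert "$MGMT_CA" -X POST "$base/logout" -H "$ctype" -H "X-chkp-sid: $sid" -d '{}' >/dev/null
}

# Only contact the API when a management host is configured.
if [ -n "${MGMT_HOST:-}" ]; then run_sam_block "${1:-11.11.11.11}"; fi
```

If the target has no gateway objects defined, fw sam fails on the management exactly as in the question, and the failure shows up in the task output retrieved with show-task rather than in the run-script reply itself.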

3 Replies
Admin

Re: Sam Rule and "sam: Failed to enforce inhibit rules"

By default fw sam will push the rule to all defined gateways if executed from the management.

The fact you're getting that error suggests no gateways are defined at all (which means fw sam won't work).

Curious, what happens when you try it with an actual firewall object name (e.g. -f gw-name)?

Re: Sam Rule and "sam: Failed to enforce inhibit rules"

As you may know, Check Point has many ways to block malicious addresses. One of my favorites is the new IOC API for R80.20.M1.

mgmt_cli add threat-indicator name "BadHost" observables.1.name "BadHostObservable" observables.1.ip-address 11.11.11.11

This way you can provision this to multiple gateways.