- Products
- Learn
- Local User Groups
- Partners
-
More
Hi all,
I wrote a script in Python using our API. The goal was clear, block around 1k IP addresses automatically and in a visual way, not through fw sam rules 
You can execute this script every day manually or you can schedule it using Crontab for example.
Tu use it in your environment you just need to change these variables at the begining and execute it!
You can find the script here: GitHub - toledanosjesus/chkp
After the first execution of the script, you just need to configure correctly your firewall policy. You need to have something similar to this:
Be aware this script is using python 2.7. You'll need to modify it a bit in case you want to use python 3.x
Enjoy!
1 Solution
Accepted Solutions
Better use SecureXL penalty box. It is a mechanism that performs an early drop of packets arriving from suspected sources.
Controls the IP blacklist in SecureXL. The blacklist blocks all traffic to and from the specified IP addresses. It is an easy way to block certain IP addresses quickly and eficiently on SecureXL level.
The blacklist drops occur in SecureXL, which is more efficient than an Access Control Policy or SAM rule to drop the packets. This can be very helpful e.g. with DoS attacks to block an IP on SecureXL level.
For example, the traffic from and to IP 1.2.3.4 should be blocked at SecureXL level.
On gateway set the IP 1.2.3.4 to Secure XL blacklist:
# fwaccel dos blacklist -a 1.2.3.4
On gateway displays all IP's on the SecureXL blacklist:
# fwaccel dos blacklist -s
On gateway delete the IP 1.2.3.4 from Secure XL blacklist:
# fwaccel dos blacklist -d 1.2.3.4
More to SecureXL penalty box read here :
R80.x - Performance Tuning Tip - DDoS „fw sam“ vs. „fwaccel dos“
I have created a script to execute this command on all gateways at the same time or on a singel gateway.
Read more about this script here:
- GAIA - Easy execute CLI commands from management on gateways
- GAIA - Easy execute CLI commands on all gateways simultaneously
I execute this script in a loop on the management server and submit all tor network IP's from management to gateway.
Advantage: I can adjust the addresses almost in real time and don't have to install a policy.
Better use SecureXL penalty box. It is a mechanism that performs an early drop of packets arriving from suspected sources.
Controls the IP blacklist in SecureXL. The blacklist blocks all traffic to and from the specified IP addresses. It is an easy way to block certain IP addresses quickly and eficiently on SecureXL level.
The blacklist drops occur in SecureXL, which is more efficient than an Access Control Policy or SAM rule to drop the packets. This can be very helpful e.g. with DoS attacks to block an IP on SecureXL level.
For example, the traffic from and to IP 1.2.3.4 should be blocked at SecureXL level.
On gateway set the IP 1.2.3.4 to Secure XL blacklist:
# fwaccel dos blacklist -a 1.2.3.4
On gateway displays all IP's on the SecureXL blacklist:
# fwaccel dos blacklist -s
On gateway delete the IP 1.2.3.4 from Secure XL blacklist:
# fwaccel dos blacklist -d 1.2.3.4
More to SecureXL penalty box read here :
R80.x - Performance Tuning Tip - DDoS „fw sam“ vs. „fwaccel dos“
I have created a script to execute this command on all gateways at the same time or on a singel gateway.
Read more about this script here:
- GAIA - Easy execute CLI commands from management on gateways
- GAIA - Easy execute CLI commands on all gateways simultaneously
I execute this script in a loop on the management server and submit all tor network IP's from management to gateway.
Advantage: I can adjust the addresses almost in real time and don't have to install a policy.
