Create a Post
Showing results for 
Search instead for 
Did you mean: 
Employee Alumnus
Employee Alumnus

IP List Enforcement using Identity API

Create Identities from an IP list (like this) and enforce based on your rule base configuration. Using the Identity API will provide IP list updates without having to install policy each time an IP is added to the list. The created identities will be stored inside Access Role objects. The main use-cases for this is for IP black-listing / white-listing and is a great alternative to using fw sam.


- Identity Web API enabled on gateway (More on that HERE)

- Access Role Object in rule base and policy installed to gateway

     Example Rule With Access Role Object

     Running The Python Script

   PDP Table (Identity Table) Entry On the Enforcing Gateway


5 Replies

Another way to skin the cat Smiley Happy

Note this is *probably* only relevant on R77.30 and above, based on the fact you're talking about the IDA API

0 Kudos
Employee Alumnus
Employee Alumnus

Correct! There are about 5+ ways I can imagine to do this same function. I have alternate versions that us 'fw sam', 'fw samp', 'run-script' etc. I like the ID API best because you don't need to install policy when you change IPs in the list. The logging is also good because you can specify details in your identity when you create it and it will show on the log in Smart Console.


Nice work.

I see you had the same idea as me. I already use IA for blocking Tor IPs.

psCheckPoint/Examples/Tor_IA at master · tkoopman/psCheckPoint · GitHub

0 Kudos

Hi guys, once I have the script running and the sessions are being published on my GW as Identity Awareness API how can I select the Role Blacklist?


0 Kudos


as nobody has answered to Stefanos question I will repeat it here: Is it sufficient to create an Access Role in SmartConsole with the same name as used for the API injection (here: Blacklist)? Or are additional steps required to use the "Blacklist" as Source or Destination in Access Rules?


Thank you,


0 Kudos


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events