This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Joe_Dillig
Employee Alumnus
Employee Alumnus
‎2018-02-13 08:12 AM

IP List Enforcement using Identity API

Create Identities from an IP list (like this) and enforce based on your rule base configuration. Using the Identity API will provide IP list updates without having to install policy each time an IP is added to the list. The created identities will be stored inside Access Role objects. The main use-cases for this is for IP black-listing / white-listing and is a great alternative to using fw sam.

Requirements:

- Identity Web API enabled on gateway (More on that HERE)

- Access Role Object in rule base and policy installed to gateway

     Example Rule With Access Role Object

     Running The Python Script

   PDP Table (Identity Table) Entry On the Enforcing Gateway

   

IPListEnforcer.tgz
5 Replies
PhoneBoy
Admin
Admin
‎2018-02-13 02:52 PM

Another way to skin the cat Smiley Happy

Note this is *probably* only relevant on R77.30 and above, based on the fact you're talking about the IDA API

0 Kudos
Joe_Dillig
Employee Alumnus
Employee Alumnus
‎2018-02-14 06:36 AM

Correct! There are about 5+ ways I can imagine to do this same function. I have alternate versions that us 'fw sam', 'fw samp', 'run-script' etc. I like the ID API best because you don't need to install policy when you change IPs in the list. The logging is also good because you can specify details in your identity when you create it and it will show on the log in Smart Console.

Tim_Koopman
Contributor
‎2018-02-14 04:33 PM

Nice work.

I see you had the same idea as me. I already use IA for blocking Tor IPs.

psCheckPoint/Examples/Tor_IA at master · tkoopman/psCheckPoint · GitHub

0 Kudos
Stefano_Bucci
Participant
‎2020-01-28 08:59 AM
In response to Tim_Koopman

Hi guys, once I have the script running and the sessions are being published on my GW as Identity Awareness API how can I select the Role Blacklist?

Thanks,

0 Kudos
Markus_Hauke
Explorer
‎2020-06-10 04:52 AM
In response to Stefano_Bucci

Hello, 

as nobody has answered to Stefanos question I will repeat it here: Is it sufficient to create an Access Role in SmartConsole with the same name as used for the API injection (here: Blacklist)? Or are additional steps required to use the "Blacklist" as Source or Destination in Access Rules?

 

Thank you,

Markus

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events