- Products
- Learn
- Local User Groups
- Partners
- More
What's New in R82.10?
Watch HereWhen the Agents Attack
A Live Look at Agentic Exposure Validation
AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
CheckMates Go:
CheckMates Fest
Hello guys!
I'm planning to block all of TOR exit nodes using Checkpoint scripts created for that purpose, see link below.
How to block traffic coming from known malicious IP addresses
My question is this..
Will these exit nodes be append to the SAM Rule, or when it updates the SAM Rule will it clean all my SAM Rules already created and in place?
Thank you very much for your support.
Best regards.
Luis Borralho
That SK uses the fw samp mechanism, which is completely different from SAM rules.
Note fw samp is SecureXL friendly and is more efficient than using SAM rules.
Does it require anything else specific, except modification of script?
I've configured and can see rules in samp, but it's not enforce, nothing get block from source IP's.
TAC case opened, just in case..
operation=add uid=<5cf8fc48,000003b0,65c5c30a,000068d2> target=all timeout=458 action=drop log=log comment=threatcloud_TOR_block service=any source=range:199.249.230.78 pkt-rate=0 req_type=quota
Curious why this route and not simply blocking the TOR app in policy? Do you not have app control? I looked at the script but it would have to be redone after upgrade/lifecycle. Simply blocking app makes it part of the policy.
Blocking TOR app in policy only achieves blocking outgoing traffic from your network. With this route you achieve, that your publicly accessible services (DMZ...) cannot be accessed from TOR exit nodes.
Greetings, @Martin_Valenta.
I too am having the same problem: I configured the script following step 3 from the link mentioned above, I can see rules in SAMP, but apparently nothing is blocked as I see allowed connections in SmartView Tracker.
We are running R77.30 and do not have Application Control blade enabled (not licensed).
Did you manage to get it working? Is App Control a prerequisite to use the script?
App control is not a prerequisite. We are using the script on gateways without it.
There are some known limitations.
Did not test it on R77.30 however, we're using it on versions from R80.10 - R80.40.
Thank you for your reply.
The allowed connections that I see in SmartView Tracker are accepted by a rule in the firewall policy that is allowing from the Internet to a specific server in DMZ network through specific services.
Shouldn't this traffic be dropped by SAMP before it reaches the firewall policy?
Yes, it should. Not sure why it isn't working for you. Is this a cluster enviroment? Are rules applied on all gateways in a cluster?
On R80.40 we get "The packet violated the DOS module's rate limiting rule base (SecureXL device 0) (policy: 2045) (total rules: 3)" logs in SmartLog. No policy matches for this IP's.
@PhoneBoy : Any Ideas why we can search for this logs only by IP address and not by message contents? I have tried every string from the SK and some of my own, with no success.
Depends on what field this message appears in.
Not every log field is indexed (and thus not searchable).
Can't say i ever liked this solution. More and more thinking ill wait for R81 and do an importable list and just update that off an api
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count |
|---|---|
| 66 | |
| 23 | |
| 7 | |
| 6 | |
| 5 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 2 |
Tue 07 Jul 2026 @ 03:00 AM (IDT)
Check Point Cloud Firewall - The Cloud Firewall with near 100% Zero Day Prevention built in (ANZ)Tue 07 Jul 2026 @ 05:00 AM (IDT)
Check Point Cloud Firewall – The Cloud Firewall with near 100% Zero-Day Prevention Build In (SEAK)Tue 07 Jul 2026 @ 07:30 AM (IDT)
Check Point Cloud Firewall - The Cloud Firewall with near 100% Zero Day Prevention built in (IST)Thu 09 Jul 2026 @ 10:00 AM (CEST)
Schutz souveräner Workloads: Check Point & die AWS European Sovereign CloudThu 09 Jul 2026 @ 11:00 AM (CEST)
The Cloud Architects Series: Check Point Edge Protection SD-WAN & SASEThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityTue 07 Jul 2026 @ 03:00 AM (IDT)
Check Point Cloud Firewall - The Cloud Firewall with near 100% Zero Day Prevention built in (ANZ)Tue 07 Jul 2026 @ 05:00 AM (IDT)
Check Point Cloud Firewall – The Cloud Firewall with near 100% Zero-Day Prevention Build In (SEAK)Tue 07 Jul 2026 @ 07:30 AM (IDT)
Check Point Cloud Firewall - The Cloud Firewall with near 100% Zero Day Prevention built in (IST)Thu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY