This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
JChang
Explorer
‎2026-03-12 05:59 PM

how to import bulk ip addresses or domains to spark 1900 using smartconsole ?

Hi Guys,

I want to know how to import bulk ip addresses or domains to spark 1900 using smartconsole. Could you please provide documents for my reference ?

Thanks a lot.

Jeremy

0 Kudos
5 Replies
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2026-03-12 06:28 PM

To use as objects in the firewall policy? or to use as IOCs e.g.

https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_ThreatPrevention_AdminGuide/Conten...  

CCSM R77/R80/ELITE
0 Kudos
JChang
Explorer
‎2026-03-12 06:32 PM
In response to Chris_Atkinson

Hi Chris

Thank you for your reply. What can I do if I want to use the object in the firewall policy ?

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2026-03-12 07:35 PM
In response to JChang

Use the API to import objects from a CSV file e.g.

CLI API Example for exporting, importing, and dele... - Check Point CheckMates

CCSM R77/R80/ELITE
0 Kudos
JChang
Explorer
‎2026-03-12 06:56 PM

I find the External Network Feed function can import IP addresses or Domain from the external server using Plain list. What kind of file format supported for this plain list ?

0 Kudos
Vincent_Bacher
MVP Silver
MVP Silver
‎2026-03-13 03:25 AM
In response to JChang

This is a text file either as flat list or json and in the config of the external feed you define either the delimiter of the flat list or jq query to parse the json structure.
https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_SecurityManagement_AdminGuide/Cont...

Use Case: If you use zscaler you can directly download a json with objects from them
https://config.zscaler.com/api/zscaler.net/cenr/json
then you tell your network feed how to parse it. Here for this use case the jq query:

."zscaler.net"[] | .[] | .[] | .range

That's it.
The feature then retrieves the json and converts it to a simple list, same as if you chose flat list as format.
Just simulated it on the cli to demonstrate:

curl -s https://config.zscaler.com/api/zscaler.net/cenr/json | jq '."zscaler.net"[] | .[] | .[] | .range' | head -n 5
"2a03:eec0:3900::/40"
"159.254.250.0/23"
"159.254.242.0/23"
"159.254.244.0/23"
"159.254.246.0/23"


Flat list is easy. Just a list with one object per line.
So would look somewhat like this if you choose IP as type

# Blocked IP addresses - updated daily
# Last update: 2025-03-13
1.2.3.4
10.0.0.0/24
192.168.1.1-192.168.1.50
malicious-domain.com
*.bad-example.org
203.0.113.5
198.51.100.0/24

 

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events