This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ArsathParves1
Contributor
‎2023-10-11 09:00 AM

Blocking Multiple domain using script on R81.10

Hi Checkmates,

Is there a method to efficiently block a large number of domains, such as 1000 or more, using a script in the R81.10 environment? Currently, within our network, we have access policies to block domains and we maintain a network object group where we typically list domain FQDN which we wanted to block. However, we recently received a request to block over 1000 domains, and we're looking for a way to add them in bulk to our existing network object group. Is there a script or method available for this scenario?

#6200 #R81.10

0 Kudos
1 Reply
PhoneBoy
Admin
Admin
‎2023-10-11 10:09 AM

You might find it easier to upgrade to R81.20 and put all the domains in a Network Feed.
This will allow you to maintain this block list without having to manipulate objects in a group or pushing policy.

Having said that, you can script this with something like the following two commands and some looping:

  • mgmt_cli -s sid.txt add dns-domain name ".example.com" is-sub-domain false
  • mgmt_cli -s sid.txt set group name "MyGroup" members.add ".example.com"

A publish action every 100 or so iterations is recommended.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events