Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
kevin_t
Participant

Custom Feed Blocking - SK103154

We are currently implementing the SK103154 to block known TOR nodes/IP addresses that Checkpoint provides.  We are trying to add more feeds to this custom list though, and they appear to not be reflecting in the gateways.  Specifically this URL:

https://talosintelligence.com/documents/ip-blacklist

The Checkpoint feeds work just fine, but this Talos one will not.  Anyone have any ideas on why this might be?  We are on R80.20

Relevant SK:  https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

0 Kudos
4 Replies
PhoneBoy
Admin
Admin

Any error messages that might provide a clue?
0 Kudos
kevin_t
Participant

No error messages, it works when I enable the custom threat feeds.  It is just that nothing populates when I run the command "fw samp get | grep threatcloud_ip_block"

0 Kudos
PhoneBoy
Admin
Admin

So it is blocking the IPs, just not showing in the appropriate list?
That might be worth a TAC case.
0 Kudos
Martin_Valenta
Advisor

Talos is returning http 429 code, when you try to pull their IP list to often, so you just might get blocked for certain period of time..
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events