Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
HeikoAnkenbrand
Champion Champion
Champion

Face recognition with R81

Face recognition is not only a magic of iPhones and Android. Also with Check Point Firewall's you can do this in R81.

For this purpose I have created a software in the last weeks, which implements this face recognition function with R81. For this I used the new "sk167210: Generic Data Center feature" in R81.

The Generic Data Center feature provides the ability to enforce access to/from IP addresses defined in JSON files located in external web servers on the Security Management machine. The „Generic Data Center Objects“ are updated automatically on the Security Gateway each time the JSON file change. There is no need to install policy for the updates to take effect.

Objects created based on these files can be used as a source or a destination in the access control policy.

How does it work:

I have developed a software with OpenCV that recognises faces. When a face is detected, the IP of the detected user is written to a JSON file „face_detect.txt“. If the user is not recognised for more than 5 seconds, a dummy IP is written to this JSON file. In my example the face detection software recognised myself and the IP 10.10.52.181 of my laptop is insert in the JSON file.

User „Heiko Ankenbrand“ was recognised:             No user was recognised:
F1.jpg f2.png


Here is an example of the JSON file „face_detect.txt“ that is created when a user is recognised.

f3.png

This file is provided via a web server (nginx) on my laptop so that the Check Point SMS can read this file as "Generic Data Center Object" from the web server.

On Check Point site a "Generic Data Center Object" is created in the Smart Console. This object fetches the JSON file „face_detect.txt“ every second from the web server from my face recognition software.

f4.JPG

f5.JPG

What we need now for example, is a firewall rule that allows access to the Internet. The „Generic Data Center Object“ is used as source here.

f6.JPG

This means, if the user face has been recognised, the IP of the user is added here via the "Generic Data Center Object“. If the user is not recognised via the face recognition a "dummy IP" is inserted here.

Therefore, the rule can be controlled almost in real time via face recognition. The „Generic Data Center Object“ provides the ability to enforce access to the IP address defined in JSON files located in external web servers on the Security Management machine. The „Generic Data Center Object“ is updated automatically on the Security Gateway each time the JSON file change via the face recognition. There is no need to install policy for the updates to take effect.

I will provide an improved version of the face recognition software on GIT in the next weeks.


➜ CCSM Elite, CCME, CCTE
(2)
39 Replies
JozkoMrkvicka
Mentor
Mentor

Starting from API 1.6.1 (R80.40 JHF 78), there is posibility to call API command show-logs

Just a hint that searching for logs is possible also via API 😉 Running mgmt_cli should be possible using mgmt_cli.exe from Windows, or ?

Kind regards,
Jozko Mrkvicka
0 Kudos
HeikoAnkenbrand
Champion Champion
Champion

Hi @JozkoMrkvicka ,

With the first JHF of R81, there should be the Web Smart Console in read only mode.

So we can certainly call the URL via voice recognition. With this you can certainly control the log search. 

Then I have a craft project ahead of me.😀

 


➜ CCSM Elite, CCME, CCTE
h_hong
Explorer

Hi @HeikoAnkenbrand ,

I have been working in Switzerland for years. Here, there is a complicated tendering procedure for public IT projects. If we include this as a project goal, it can only be a Check Point firewall:

- firewall face recognition
- firewall voice recognition

😂🙃🤣

very nice solution 

Tamar
Participant

great job @HeikoAnkenbrand 

@h_hong it is an interesting feature for a battlecard! 🤪

0 Kudos
Reinhard_G
Participant

Crazy but good idea! 😂

0 Kudos
Thanh
Explorer

nice

0 Kudos
charlie_h
Participant

👍

0 Kudos
Infinigate_Sup
Participant

@HeikoAnkenbrand 

Nice solution!

0 Kudos
Reimar_W
Participant

Very nice!

0 Kudos
T_Westwood
Participant

top👍🏻

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events