What is the difference between Custom Intelligence feed and Network Feeds?
Both are used to push IP/domains which one needs to block without policy installation.
Custom intelligence feeds are basically a block list for AntiVirus/AntiBot Blades, which are required to use this feature.
Network Feeds can be used in the Access Policy (in addition) and only require Firewall blades.
Neither requires a policy push to update.
Regardless of which method you use, if you have a lot of IoCs, R81.20 is a better choice as it supports millions of IoCs.
Thanks @PhoneBoy for your response. I could see that the Custom Intelligence Feed supports MD5(files) as well; which aren't supported in the external network feeds.
I think basically if someone has NGFW lic - they could use it in access policy and if someone has NGTP lic - better to use Custom Intelligence Feeds.
https://support.checkpoint.com/results/sk/sk132193
I would say biggest difference is that with network feeds, you CAN enforce fqdn, unlike with IOC you can't (not to be confused with International Olympic Committee lol).
Hope that helps.
Andy
Correct me if I'm wrong when I say this, but don't you need a rule like below to take full advantage of IOC or is just having them in smart console enough?
Andy
Custom Intelligence Feeds are treated as "block" in AntiVirus/Anti-Bot blades.
There is no other configuration required in SmartConsole.
K, so just to make sure I'm not missing anything...are you saying IF av blade is enabled on the firewall, and also on TP profile, then generic data center objects don't need to be added to any security rule?
Andy
Generic data centre objects are used differently from IOC feeds.
Thanks Chris, I was confusing some things here, long night last night troubleshooting Cisco switch lol.
Anyway, I think I'm good now...have a nice weekend mate.
Andy
That makes sense.
Hi @PhoneBoy
What is the correct way to block a list of Malicious IPs that come to us in daily newsletters like IoC?
We have a VSX environment where our VS, some of them, have Threat Prevention enabled (IPS/AV/AB)
So, if we have these Blades available is using IoC Feeds the "best option"?
Our “Feed” SOURCE can be a simple Windows server with a txt file that can be ‘updated’ whenever we need with new Malicious IPs?
Thanks for your comments.
Hey bro,
FWIW, I personally recommend people use info from below (network feeds), since it does NOT need av and/or ab blades enabled.
Andy
https://community.checkpoint.com/t5/Security-Gateways/Network-feed/m-p/212407#M40317
Network Feeds have a small issue in VSX: You cannot verify the feed before it is saved/activated with a VS.
You have to use a non-VSX gateway for this.
At least that's the case in R81.20, not sure about R82.
IOC Feeds can be used for this purpose also if you have AV/AB blades enabled.
Works in R82 for sure, tested in the lab.
Andy
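An added example (not from the thread or from Check Point) for the text-file feed source asked about above: it cleans a pasted IP list into a one-entry-per-line file before the file is published. The flat-list output, `NEVER_BLOCK`, `MIN_PREFIX` and the function names are assumptions made for illustration.

```python
import ipaddress
import os
import tempfile
# Constructed sample: entries as pasted from a daily IoC newsletter.
SAMPLE = """# daily list (constructed sample)
203.0.113.7
203.0.113.7
198.51.100.0/24
hxxp://bad.example/path
10.1.2.3
192.0.2.300
 2001:db8::1
0.0.0.0/0
"""
# Assumptions: own address space that must never be blocked; broadest prefix allowed.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
MIN_PREFIX = {4: 16, 6: 32}

def build_feed(text, never_block=NEVER_BLOCK):
    """Return (feed_lines, rejected) where rejected is [(line_no, entry, reason)]."""
    accepted, rejected = set(), []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((line_no, entry, "not an IP address or CIDR"))
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            rejected.append((line_no, entry, "range too broad"))
        elif any(net.version == p.version and net.overlaps(p) for p in never_block):
            rejected.append((line_no, entry, "overlaps protected range"))
        else:
            accepted.add(net)  # the set removes duplicates
    ordered = sorted(accepted, key=lambda n: (n.version, n))
    feed = [str(n.network_address) if n.num_addresses == 1 else str(n) for n in ordered]
    return feed, rejected

def write_feed(path, feed):
    """Write atomically so a gateway fetching mid-update never reads a partial list."""
    if not feed:
        raise ValueError("refusing to publish an empty feed")
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w", newline="\n") as fh:
        fh.write("\n".join(feed) + "\n")
    os.replace(tmp, path)
```

Review the rejected list before each publish: an entry that overlaps your own ranges or is unusually broad usually means a paste error in the source list.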