Blocking TOR dynamically on Maestro + VSX

eliadcourt

Hi everyone.

I wish to block TOR using the list published by CP.

AFAIU, my options are:
1. Network feeds.
2. IOC feeds.
3. Dynamic object.

Network feeds isn't supported on VSX - sk79700.

As for IOC feeds, I had a hard time figuring out if it's supported.
I tried using it, but I couldn't do "Test Feed", as it didn't recognize any FW object.
I've added the object anyway, and installed policy.
Under the new object I don't see any observables.
In CLI, ioc_feeds doesn't show anything.

If I try adding through ioc_feeds, it says it's missing the AV-AB blades, even though they are installed.
We had some weird issue I can't remember right now, that these blades didn't work properly because it needed them to be active on the VS 0 as well.

Last is dynamic object, but building some mechanism is a bit to time consuming right now.

Any thoughts?

Tal_Paz-Fridman

According to the SK for IOC the following is supported:

Only these versions for Scalable Platforms (Maestro and Chassis) support IoC feeds:
- R81.10 and higher (PMTR-65769).
- R80.20SP Jumbo Hotfix Accumulator, Take 283 or higher (MBS-13295).

https://support.checkpoint.com/results/sk/sk132193

eliadcourt

Yeah, sorry, forgot to mention.
We have 81.20 jhf 84 on th SGMs., and jhf 65 on the MGMT.

Wolfgang

@eliadcourt following sk79700, IOC feeds are supported with VSX, only network feeds not.

PhoneBoy

And specifically, it's the "test" functionality that doesn't work.
If you have a non-VSX gateway to validate the feed on, it should work on VSX.