kiikoo15
Participant

Blocked Sources Group Firewall

Hi everyone,

I'm facing an issue with the Automated Remediation policy on my external firewall (as seen in the SmartConsole under the "Block traffic from suspected devices" rule).

Currently, the Blocked Sources group contains two internal IP addresses that were automatically added:

No Direct Edit: Since it's an automated dynamic group, the object itself cannot be edited or modified directly within the SmartConsole.

Playblocks: I checked the Playblocks/Automation portal, but unfortunately, neither of these two internal IPs is showing up there, so I can't release them from the GUI.

Is there a way to force the removal of these specific IPs? Do I need to use the CLI on the Management Server to clear them from this dynamic feed? If so, what are the exact commands or API calls required to achieve this?

Any help or guidance would be greatly appreciated!

 

0 Kudos
3 Replies
PhoneBoy
Admin

Moving this to the Playblocks forum.
Here's what a similar TAC case suggests:

  • In Playblocks, open the Lists page (Playblocks calls them “lists”; in SmartConsole they are Generic Data Center objects). Remove the IP/device from the relevant list that Playblocks created (e.g., Blocked Sources, Quarantine Sources, Block Destinations). Playblocks created a policy layer with rules that reference these lists (“blocking access of blocked sources,” “quarantine sources,” “block destinations”).
  • You can also view the same lists in SmartConsole under the Playblocks-added policy layer and remove the entry there. Playblocks updates gateways in real time through Generic Data Center objects, so once you remove the entry, enforcement is lifted without a policy install.
0 Kudos
kiikoo15
Participant

In Playblocks: I opened the Lists page, but the list appears completely empty. Neither of the two blocked internal IPs is visible in the Playblocks UI, so I cannot remove them from there.

In SmartConsole: If I check the Playblocks-added policy layer and inspect the specific Generic Data Center object/list, the two internal IPs are clearly listed there and actively being enforced.

0 Kudos
Tal_Ben_Bassat

Hi @kiikoo15,

It sounds like the "Check Point Firewall Enforcement" connector (previously called Quantum Enforcement) is disconnected on your side. Therefore, you don't have the lists under the Lists page.

It is possible that it was disconnected if you disconnected the management from the cloud.

Can you please share with me the Account ID - talbb@checkpoint.com 

and we will be happy to help! 

 
