cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Can you update a "fw sam" entry instead of removing and readding it?

Hi Checkmates,

we use a custom script to temporarily block malicious IPs with SAM rule. Currently, each time an operator needs to extend a blocked IP, he needs to remove the SAM rule and add it using the -t (timeout) argument.

Is there a way to update the SAM entry instead of having to remove and adding it again?

This is done via the command line.

Thanks!

1 Reply
Employee+
Employee+

Re: Can you update a "fw sam" entry instead of removing and readding it?

No. The only way to update the Expiration time is to remove it first. But since you are doing this via command line, you can remove it via CLI before adding it in again.

fw sam -s MgmtIP -C -l long_alert -J src IP2Block
fw sam -s MgmtIP -t 604800 -l long_alert -J src IP2Block

the -C before the SAM entry will remove it. The example above first removes an entry and then adds it in again. The timeout is not needed on the remove, but in my quick testing, it appears that the -l (log type) is.