Hello,
Only works on R80.40
Link here: https://github.com/inscez/ckp-dyn-ip-block
I have recently been involved in a project where I had to block a list of 2000 IP addresses that were provided by a third-party vendor as a CSV. I have created a script that moves this to a local URL that is accessed by Security Gateways every 20 minutes and updated into the dynamic blocking function of fw accel dos [basically blocking IPs using the DoS mitigation engine with a quota of 0 packets]. The advantages are that it works bidirectionally and also without a policy push.
Basically this has a deployment script that replicates the actual script to a list of GWs. It has functionality to deploy, activate and deactivate the script. It can also clean up the script. It only supports ONE URL, but the scripts may be modified easily to support more than one.
The load on the Gateways is not very high and I am getting very good results with it in the last 2 months since it was deployed on 30+ gateways.
The old SK was using fw samp while this one is using fw accel dos. Another advantage is that this one also blocks outbound traffic and logs properly. The old fw samp solution is not logging correctly or is using only unsupported fields.
To see logs, search SmartLog for SecureXL -> "The packet's destination IP is blacklisted (SecureXL device 0)"
I have used the following SK/articles for reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
https://community.checkpoint.com/t5/General-Topics/R80-x-Performance-Tuning-Tip-DDoS-fw-sam-vs-fwacc...
Best Regards,
Cezar