This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
mahesh
Explorer
‎2024-10-17 08:27 PM

406-Not acceptable error while testing external IOC feed in VSX environment

Getting 406-Not acceptable error while testing external IOC feed in VSX environment. Screenshot attached.

Usually 406 errors means server is unable to accept client's request. Does this mean it is an issue with the server where the feed is hosted ?

We are able to get the ip's when we try the same url in browser and curl connectivity also works fine.

We are using the same feed in Palo Alto firewall and it works fine over there.

Also, I got to know from below sk that vsx gateways are not supported but there is a confusion whether it indicates TOR list or IOC feed.

https://support.checkpoint.com/results/sk/sk103154

Tried custom csv file and able to block the ip's successfully.

Can someone assist here ?

Thanks in advance.

 

Preview file
17 KB
0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2024-10-18 06:53 AM

Version/JHF of gateway and management?
Note that the mechanism used in sk103154 is different from either of the following:

It's not clear from your description which method you're using here.
I do know that testing a Network Feed from a VSX VS will not work, see: https://community.checkpoint.com/t5/General-Topics/Network-Feeds-and-VSX/m-p/212877/highlight/true#M... 
Not sure this applies to Threat Intelligence Feeds or not.

Both should work on VSX, though (absent the "testing" function).

0 Kudos
mahesh
Explorer
‎2024-10-18 10:20 PM
In response to PhoneBoy

Hello @PhoneBoy,

Thanks for the reply.

We are using R81.10 take 139 Vsx gateway and adding external IOC feed.

As per the community article shared by you, testing the IOC feed in vsx gateways is not supported but we can test the feed in normal gateway and use it in VSX gateways to block the ip's.

I have tested the feed in normal Quantum security gateway which was successful  and added the same feed in VSX gateway but unable to block the ip's present in the feed. No logs observed either when we try to ping the ip's.

Instead the ip's are getting blocked by the access rule configured and not using IOC feed.

Hope the requirement is clear.

Thanks.

0 Kudos
PhoneBoy
Admin
Admin
‎2024-10-21 06:38 AM
In response to mahesh

Best to consult with TAC here: https://help.checkpoint.com 

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2024-10-18 07:43 AM

See if this helps?

Andy

https://community.checkpoint.com/t5/Management/Adding-Threat-Prevention-IOC-s-via-SmartConsole/td-p/...

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events