redcrow
Contributor

Blocking malicious IP addresses (sk103154) in VSX

UPDATE 04/08/2020: Please visit this page to download the latest version of the script: https://www.francescoficarola.com/check-point-automated-ip-blacklist/

Hello everyone,

My configuration is the following:

- A cluster of three security gateways (R80.20)

- Three Virtual Systems (configured on the three security gateways as follows: active/standby/backup)

I already activated the IOC Feed functionality on one of my VS to block outgoing traffic through Anti-Bot & Anti-Virus blades (sk132193), but I'd like to block incoming malicious traffic as well. I read the sk103154 documentation, which says the script must be run on the management server.

I followed all steps, but when I run the script, it returns the following error:

[Expert@xntfw-pmgt1:0]# ./ip_block_activate.sh -a on -g gw_list -f feed_urls -s /home/admin/blacklist/ip_block.sh
Error: could not retrieve FWDIR from 10.100.97.101
Error: could not retrieve FWDIR from 10.100.97.101

(10.100.97.101 is the VS' IP)

Indeed, if I run the command responsible for that error in the script, I don't receive any output:

[Expert@xntfw-pmgt1:0]# cprid_util -server 10.100.97.101 getenv -attr "FWDIR"

[Expert@xntfw-pmgt1:0]#

But if I run the same command with the management IP of the Security Gateway, then it gives me the following output:

[Expert@xntfw-pmgt1:0]# cprid_util -server 192.168.77.192 getenv -attr "FWDIR"
/opt/CPsuite-R80.20/fw1

So... is this functionality available for VSX environments?

Thanks,
Francesco
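
A pre-flight check for the symptom described in the post above, as an added example that is not part of the original post or of sk103154: it sends the same `cprid_util ... getenv -attr "FWDIR"` query to every entry in the gateway list and flags the ones that return nothing, before the activation script is run. It assumes the list file holds one IP per line; `probe_fwdir`, `check_gw_list` and the `CPRID_UTIL` override are hypothetical names introduced here.

```bash
# Added example: pre-flight check for the gateway list given to ip_block_activate.sh -g.
# Assumptions: one IP per line in the list ('#' comments and blank lines allowed);
# CPRID_UTIL is a hypothetical override so the check can be exercised off-box.
CPRID_UTIL="${CPRID_UTIL:-cprid_util}"

# Print the FWDIR the target reports over CPRID. Fail when the reply is empty
# or is not an absolute path (the VS IP in the post returned nothing at all).
probe_fwdir() {
    local ip="$1" out
    out="$("$CPRID_UTIL" -server "$ip" getenv -attr "FWDIR" 2>/dev/null | tr -d '\r')"
    case "$out" in
        /*) printf '%s\n' "$out" ;;
        *)  return 1 ;;
    esac
}

# Check every entry in the list file. Prints one status line per entry and
# returns non-zero if any entry did not answer, so a wrapper can stop early.
check_gw_list() {
    local file="$1" line ip fwdir failed=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    while IFS= read -r line || [ -n "$line" ]; do
        ip="${line%%#*}"                              # strip trailing comment
        ip="$(printf '%s' "$ip" | tr -d '[:space:]')" # strip whitespace
        [ -n "$ip" ] || continue
        if fwdir="$(probe_fwdir "$ip")"; then
            echo "OK   $ip FWDIR=$fwdir"
        else
            echo "FAIL $ip no FWDIR over CPRID (not a gateway management IP?)"
            failed=1
        fi
    done < "$file"
    return "$failed"
}

# Usage on the management server (command line taken from the post):
#   check_gw_list gw_list && ./ip_block_activate.sh -a on -g gw_list \
#       -f feed_urls -s /home/admin/blacklist/ip_block.sh
```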
