UPDATE 04/08/2020: Please visit this page to download the latest version of the script: https://www.francescoficarola.com/check-point-automated-ip-blacklist/
Hello everyone,
my configuration is the following:
- A cluster of three security gateways (R80.20)
- Three Virtual Systems (configured on the three security gateways as follows: active/standby/backup)
I already activated the IOC Feed functionality on one of my VS to block outgoing traffic through Anti-Bot & Anti-Virus blades (sk132193), but I'd like to block incoming malicious traffic as well. I read the sk103154 documentation, which says the script must be run on the management server.
I followed all steps, but when I run the script, it returns the following error:
[Expert@xntfw-pmgt1:0]# ./ip_block_activate.sh -a on -g gw_list -f feed_urls -s /home/admin/blacklist/ip_block.sh
Error: could not retrieve FWDIR from 10.100.97.101
Error: could not retrieve FWDIR from 10.100.97.101
(10.100.97.101 is the VS' IP)
Indeed, if I run the command responsible for that error in the script, I don't receive any output:
[Expert@xntfw-pmgt1:0]# cprid_util -server 10.100.97.101 getenv -attr "FWDIR"
[Expert@xntfw-pmgt1:0]#
but, if I run the same command with the management IP of the Security Gateway, then it gives me the following output:
[Expert@xntfw-pmgt1:0]# cprid_util -server 192.168.77.192 getenv -attr "FWDIR"
/opt/CPsuite-R80.20/fw1
So... is this functionality available for VSX environments?
Thanks,
Francesco