0b708c5a-0dae-3
Explorer

Does Check Point R80.30 provide an interface to blacklist providers like AbuseIPDB?


I have an on-premise R80.30 firewall.  I would like to have the firewall check a blacklist of IP Addresses and block all traffic from and to bad actors.  I would prefer this blacklist be updated periodically, but cached locally on my firewall.

Is this possible with a Check Point-provided blacklist or some other provider (like AbuseIPDB)?

0 Kudos
1 Solution

Accepted Solutions
Tobias_Moritz
Advisor

Unfortunately, R80.30 is unable to filter incoming traffic with the Custom IOC feature. This starts working with R81. Same goes for IPv6. Also not working in that feature with anything below R81. This info is also in the sk linked by Jan.

If filtering incoming traffic is really needed and you cannot upgrade to a modern version, then you could use the Rate Limiting DoS feature from sk103154 as a workaround. Still no IPv6 with that feature.

Please also note that you need a TP (more specifically, AV or AB) license for the Custom IOC feature to work.

In more modern versions like R81.10, you could create a Custom Data Center object which you can populate by the filter lists of your choice and then use that object in your rulebase. This would not need TP blades (or licenses).


3 Replies
Jan_Kleinhans
Advisor

Hello,

 

you can do this via ioc_feeds.

See What is the "Custom Intelligence Feeds" feature? (checkpoint.com)

 

 

0 Kudos

0b708c5a-0dae-3
Explorer

Thank you for the response.  Yes, incoming traffic is actually my primary concern. I did configure the IOC and confirmed that it only blocked outbound traffic.  I reviewed SK103154, and agree that would work.  I am also considering using a Dynamic Object in a policy rule and updating the object from a CLI script. I may just wait until R81 stabilizes, and I can move to it on my perimeter firewall.  Thank you for the quick response.

0 Kudos
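Whichever mechanism from the thread ends up carrying the list (Custom IOC feed, rate-limiting rules, a Custom Data Center object or a Dynamic Object), a third-party blacklist is worth sanitizing before it reaches the gateway. The following is an added example, not code from the posters or from Check Point: it keeps IPv4 only (the thread notes IPv6 is unsupported by these features below R81), rejects entries that overlap protected ranges or are implausibly broad, and merges the rest. The function name, the never-block list, the prefix threshold and the sample feed are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample feed; documentation ranges stand in for real indicators.
SAMPLE_FEED = """\
# constructed blocklist sample
203.0.113.7
203.0.113.7        # duplicate entry
198.51.100.0/25
198.51.100.128/25  # adjacent to the line above, merges into one /24
2001:db8::1
10.1.2.3
192.0.2.10
192.0.2.999
0.0.0.0/0
"""

# Assumed never-block list: RFC 1918, loopback, and a placeholder for the
# organisation's own public range (192.0.2.0/24 is a documentation prefix).
NEVER_BLOCK = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "127.0.0.0/8", "192.0.2.0/24")

def build_blocklist(feed_text, never_block=NEVER_BLOCK, min_prefix=16):
    """Return (collapsed IPv4 networks, [(entry, reason)] rejected)."""
    protected = [ipaddress.ip_network(n) for n in never_block]
    accepted, rejected = [], []
    for raw in feed_text.splitlines():
        entry = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((entry, "unparseable"))
            continue
        if net.version != 4:
            rejected.append((entry, "ipv6"))
        elif net.prefixlen < min_prefix:       # a bad feed must not block huge ranges
            rejected.append((entry, "too broad"))
        elif any(net.overlaps(p) for p in protected):
            rejected.append((entry, "protected"))
        else:
            accepted.append(net)
    # Deduplicate and merge adjacent prefixes to keep the resulting object small.
    return list(ipaddress.collapse_addresses(accepted)), rejected

if __name__ == "__main__":
    nets, rejected = build_blocklist(SAMPLE_FEED)
    for n in nets:
        print(n[0], n[-1])                     # first and last address of each range
    for entry, reason in rejected:
        print("rejected:", entry, reason)
```

Logging the rejected entries on every refresh makes a malformed or tampered feed visible before it changes what the firewall drops.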