Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
62742738
Participant
Jump to solution

IP Reputation & Custom Intelligence Feeds

Which does security gateway look for first? Custom Intelligence Feeds or the IP Reputation?

Because the traffic of a certain IP is getting blocked but it is not included in the custom feeds and the logs show that it is due to IP reputation.

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

If traffic is blocked due to your configured Threat Intelligence feeds, the logs will reflect that.
IP Reputation comes from ThreatCloud and is enforced by AntiBot and/or AntiVirus blades.
You can configure a specific exclusion for this IP address in your Threat Prevention policy.
If you think the relevant IP address is not malicious/bad reputation, please contact TAC to have the situation reviewed: https://help.checkpoint.com 

View solution in original post

0 Kudos
4 Replies
_Val_
Admin
Admin

The answer is, both at the same time. If an IP appears in either, it will be blocked. 

62742738
Participant

Do you have any idea as to why an IP keeps getting blocked despite its exclusion from custom feeds and the logs show that it is due to IP reputation?

0 Kudos
PhoneBoy
Admin
Admin

If traffic is blocked due to your configured Threat Intelligence feeds, the logs will reflect that.
IP Reputation comes from ThreatCloud and is enforced by AntiBot and/or AntiVirus blades.
You can configure a specific exclusion for this IP address in your Threat Prevention policy.
If you think the relevant IP address is not malicious/bad reputation, please contact TAC to have the situation reviewed: https://help.checkpoint.com 

0 Kudos
62742738
Participant

Alright, got it. Thank you!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events