Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
MTS
Participant

Is there anything like PaloAlto's "External Dynamic Lists" on CheckPoint's Firewall?

Hello,

 

I am trying to enhance the CheckPoint policy security level.

 

And I am looking for a dynamic list from a great Security Vendor that can be applied to a Firewall policy to protect users from malicious IP addresses.

I find that PaloAlto is using an object named External Dynamic Lists, and it also provides

"Palo Alto Networks Known Malicious IP Addresses"

"Palo Alto Networks High-Risk IP Addresses"

as objects to allow IT admin to apply them to a Firewall policy for blocking/blacklist purposes.

 

I wonder if CheckPoint also provides the same great objects there.

 

Thank you!

 

 

 

0 Kudos
11 Replies
Juan_
Collaborator

Not  sure if checkpoint provides it's own list, but what you can configure are intelligence feeds through the threat prevention feature Threat Indicators

 

 

0 Kudos
delToro1
Contributor

0 Kudos
Martin_Raska
Advisor
Advisor

Under application control just use categories as Critical and High risk, Spam, Spyware & Malicious and you don't need to deal with IP blacklist.

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Much more, but in a different way: IP addresses are usually evaluated by TP in ThreatCloud (much better than a list); Dynamic / Updateable Objects can use customer-created IP lists, see Can we create custom updatable objects in R80.20

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Tal_Paz-Fridman
Employee
Employee

R81.20 - currently in EA - might have what you're asking for:

https://community.checkpoint.com/t5/Product-Announcements/R81-20-EA-Program-Production/ba-p/135926

 

Enhancing the gold standard in Security Management: Quantum R81.20 lets you leverage the new Management API to integrate security from the ground up and efficiently manage access policies with support for dynamic policy objects taken from external sources. 

0 Kudos
Iain_K
Participant

the_rock
Legend
Legend

You got it! Best part is, no need to have AV or AB blades enabled to use network feeds.

I made post about it.

Andy

https://community.checkpoint.com/t5/Security-Gateways/Network-feed/m-p/212407#M40317

0 Kudos
Duane_Toler
Advisor

R81+ now includes a "Generic Data Center" that you populate with a JSON file of IPs/networks.  You can update this object via management API and Ansible.

 

https://support.checkpoint.com/results/sk/sk167210

Management API:  https://sc1.checkpoint.com/documents/latest/APIs/#cli/add-data-center-object~v1.7%20

Ansible: cp_mgmt_add_data_center_object module

 

the_rock
Legend
Legend

Great suggestion.

0 Kudos
NetworkNerd16
Explorer

What are the replies to this? I want to know too. This is the screen I see

 

 

0 Kudos
_Val_
Admin
Admin

Your screenshot does not seem to be related to this discussion. Reach out to me directly via a PM, please

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events