This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
MTS
Participant
‎2022-03-30 06:33 AM

Is there anything like PaloAlto's "External Dynamic Lists" on CheckPoint's Firewall?

Hello,

 

I am trying to enhance the CheckPoint policy security level.

 

And I am looking for a dynamic list from a great Security Vendor that can be applied to a Firewall policy to protect users from malicious IP addresses.

I find that PaloAlto is using an object named External Dynamic Lists, and it also provides

"Palo Alto Networks Known Malicious IP Addresses"

"Palo Alto Networks High-Risk IP Addresses"

as objects to allow IT admin to apply them to a Firewall policy for blocking/blacklist purposes.

 

I wonder if CheckPoint also provides the same great objects there.

 

Thank you!

 

 

 

0 Kudos
11 Replies
Juan_
Collaborator
‎2022-03-30 06:42 AM

Not  sure if checkpoint provides it's own list, but what you can configure are intelligence feeds through the threat prevention feature Threat Indicators

 

 

0 Kudos
delToro1
Contributor
‎2022-03-30 10:05 AM

Hello, you can import IOCs list from SmartConsole or CLI. I found a whitepaper in this community and maybe may be util for you.

https://community.checkpoint.com/t5/General-Topics/White-Paper-Importing-Custom-IOC-s-in-SmartConsol...

https://community.checkpoint.com/fyrhh23835/attachments/fyrhh23835/ips-av-ab/1377/1/Integrating%20Cu...

 

 

0 Kudos
Martin_Raska
Advisor
Advisor
‎2022-03-31 02:45 AM
In response to delToro1

Under application control just use categories as Critical and High risk, Spam, Spyware & Malicious and you don't need to deal with IP blacklist.

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2022-03-31 02:51 AM

Much more, but in a different way: IP addresses are usually evaluated by TP in ThreatCloud (much better than a list); Dynamic / Updateable Objects can use customer-created IP lists, see Can we create custom updatable objects in R80.20

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Tal_Paz-Fridman
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2022-03-31 04:53 AM

R81.20 - currently in EA - might have what you're asking for:

https://community.checkpoint.com/t5/Product-Announcements/R81-20-EA-Program-Production/ba-p/135926

 

Enhancing the gold standard in Security Management: Quantum R81.20 lets you leverage the new Management API to integrate security from the ground up and efficiently manage access policies with support for dynamic policy objects taken from external sources. 

0 Kudos
Iain_K
Participant
‎2024-05-16 07:02 PM

Yes. External Network Feeds. https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SecurityManagement_AdminGuid...

the_rock
MVP Platinum
MVP Platinum
‎2024-05-16 07:04 PM
In response to Iain_K

You got it! Best part is, no need to have AV or AB blades enabled to use network feeds.

I made post about it.

Andy

https://community.checkpoint.com/t5/Security-Gateways/Network-feed/m-p/212407#M40317

Best,
Andy
0 Kudos
Duane_Toler
MVP Silver
MVP Silver
‎2024-05-17 08:28 AM

R81+ now includes a "Generic Data Center" that you populate with a JSON file of IPs/networks.  You can update this object via management API and Ansible.

 

https://support.checkpoint.com/results/sk/sk167210

Management API:  https://sc1.checkpoint.com/documents/latest/APIs/#cli/add-data-center-object~v1.7%20

Ansible: cp_mgmt_add_data_center_object module

 

--
Ansible for Check Point APIs series: https://www.youtube.com/@EdgeCaseScenario and Substack
the_rock
MVP Platinum
MVP Platinum
‎2024-05-17 06:28 PM
In response to Duane_Toler

Great suggestion.

Best,
Andy
0 Kudos
NetworkNerd16
Explorer
‎2024-09-26 06:20 AM

What are the replies to this? I want to know too. This is the screen I see

 

 

Preview file
69 KB
0 Kudos
_Val_
Admin
Admin
‎2024-09-26 07:14 AM
In response to NetworkNerd16

Your screenshot does not seem to be related to this discussion. Reach out to me directly via a PM, please

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events