kweiwing_neng
Participant

Malicious IP Blocking

Dear Expert,

Would like to enquire if there is a solution to push a policy where it will automatically update the list of malicious IPs to be blocked.

Have read the following article: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

But it does not instruct on if there is a way to automatically update the list of malicious IP addresses.

Many thanks.

Best Regards,

J

 

0 Kudos
3 Replies
_Val_
Admin

The mentioned SK is old, and we have a better way of doing the same, through a custom IOC feed feature. Please look into sk132193. As part of the functionality, you can control how often the feed is pulled/pushed. 

0 Kudos
PhoneBoy
Admin

Depending on version of code, you have a few options for creating a list of IPs to block that you can update at will:

1. ioc_feeds (uses AV and/or AB blade)

2. Updating either a Threat Prevention or Access Policy via API (requires policy push).

3. Generic Datacenter object (R81+) — access policy

4. Network feed object (R81.20+) — access policy

0 Kudos
Sergei_Shir
Employee

sk103154 - How to block traffic coming from known malicious IP addresses was updated by R&D and QA teams.

This SK applies to:

  • R80.30, R80.40 versions, without Anti-Virus or Anti-Bot
  • R77.x, R80.10, and R80.20 versions, with and without Anti-Virus or Anti-Bot
