To create a large list of IP addresses to be blocked on a Check Point 15000 firewall, you can use the Command Line Interface (CLI) or the SmartConsole management tool. The CLI allows you to perform configurations directly on the firewall appliance, while the SmartConsole provides a more user-friendly graphical interface for managing Check Point devices. Here's how you can do it using both methods:
### Using CLI (Command Line Interface):
1. Connect to the Check Point 15000 firewall using a terminal emulator like PuTTY or any SSH client.
2. Enter the Expert mode by typing `expert` and providing the admin password when prompted.
3. Create a text file (e.g., blocklist.txt) with the list of IP addresses to be blocked, one IP address per line, like this:
```
192.168.1.1
10.0.0.1
172.16.0.100
...
```
4. Copy the text file to the firewall using SCP or any other file transfer method.
5. Use the `fw samp` command to add the IP addresses from the file to the firewall's SAM (Suspicious Activity Monitoring) list. For example:
```
fw samp -i blocklist.txt -n MyBlockList -s
```
Here, `-i` specifies the input file, `-n` specifies the name of the list (e.g., MyBlockList), and `-s` saves the changes.
6. After adding the IP addresses to the SAM list, you need to create a rule to block these IPs. You can do this using the `fw samp block` command. For example:
```
fw samp block MyBlockList
```
### Using SmartConsole:
1. Open the SmartConsole application and connect to the Check Point 15000 firewall using your management credentials.
2. In the left-hand navigation pane, go to the "Policy" section.
3. Click on "Access Control" and then "Policy" on the right-hand pane.
4. Create a new "Layer" or use an existing one to add the block rule.
5. Click on "Add Rule" and then define the rule properties, such as the Source, Destination, Service, etc.
6. In the "Source" field, click on the "..." button to open the "Edit Source" window.
7. Click on "New" to create a new "Address Range" object, and then paste or import the list of IP addresses from the blocklist.txt file.
8. Once the address range object is created, select it as the source in the rule.
9. Complete the rule configuration and click "OK" to save the rule.
10. Install the policy to apply the changes to the Check Point firewall.
Using the SmartConsole provides a more user-friendly approach, but for such a large number of IP addresses, it might be more convenient to use the CLI and import the addresses from a text file.
Remember that blocking a large number of IP addresses can have a performance impact on the firewall, so make sure to test and monitor the performance after implementing the changes.
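One way to prepare `blocklist.txt` before copying it to the firewall, as an added example that is not part of the original answer or any Check Point tooling: it validates each line, holds back internal and overly broad entries, and merges duplicates and adjacent ranges so the list stays as small as possible. The function name `clean_blocklist`, the `INTERNAL` ranges, and the `min_prefix` limit are assumptions, as is the import step accepting CIDR notation.

```python
import ipaddress

# Assumption: ranges that must never be blocked; replace with your own
# management and internal networks.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample input (documentation address ranges plus bad entries).
SAMPLE = """\
203.0.113.4
203.0.113.5
203.0.113.5
198.51.100.0/25
198.51.100.128/25
10.0.0.1
300.1.1.1
0.0.0.0/0
2001:db8::1
"""


def clean_blocklist(text, min_prefix=16):
    """Return (networks, rejected) for a one-entry-per-line blocklist."""
    nets, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()   # allow comments and blank lines
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((lineno, entry, "invalid address"))
            continue
        if net.version == 4 and net.prefixlen < min_prefix:
            rejected.append((lineno, entry, "prefix too broad"))
        elif any(p.version == net.version and p.overlaps(net) for p in INTERNAL):
            rejected.append((lineno, entry, "internal range"))
        else:
            nets.append(net)
    # Merge duplicates and adjacent ranges; each IP version is collapsed
    # separately because collapse_addresses() rejects mixed versions.
    merged = []
    for version in (4, 6):
        merged += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    return merged, rejected


if __name__ == "__main__":
    networks, rejected = clean_blocklist(SAMPLE)
    for net in networks:
        print(net)
    for lineno, entry, reason in rejected:
        print(f"# skipped line {lineno}: {entry} ({reason})")
```

Review the skipped lines before importing; an entry held back as internal may still be intended, in which case adjust `INTERNAL` rather than editing the output by hand.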