Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
bhassingh
Explorer

Need to create list of IP to be block

migrating form old infra Sophos firewall to CP 15000 .

old firewall having 100K ip address list in block.

need to know how to do it in CP15000 firewall via CLI or Smart console.

0 Kudos
3 Replies
_Val_
Admin
Admin

I assume you want to create a policy rule to block these IPs, correct?

0 Kudos
Kenie6344
Explorer

To create a large list of IP addresses to be blocked on a Check Point 15000 firewall, you can use the Command Line Interface (CLI) or the SmartConsole management tool. The CLI allows you to perform configurations directly on the firewall appliance, while the SmartConsole provides a more user-friendly graphical interface for managing Check Point devices. Here's how you can do it using both methods:

### Using CLI (Command Line Interface):

1. Connect to the Check Point 15000 firewall using a terminal emulator like PuTTY or any SSH client.
2. Enter the Expert mode by typing `expert` and providing the admin password when prompted.

3. Create a text file (e.g., blocklist.txt) with the list of IP addresses to be blocked, one IP address per line, like this:
```
192.168.1.1
10.0.0.1
172.16.0.100
...
```

4. Copy the text file to the firewall using SCP or any other file transfer method.

5. Use the `fw samp` command to add the IP addresses from the file to the firewall's SAM (Suspicious Activity Monitoring) list. For example:
```
fw samp -i blocklist.txt -n MyBlockList -s
```

Here, `-i` specifies the input file, `-n` specifies the name of the list (e.g., MyBlockList), and `-s` saves the changes.

6. After adding the IP addresses to the SAM list, you need to create a rule to block these IPs. You can do this using the `fw samp block` command. For example:
```
fw samp block MyBlockList
```

### Using SmartConsole:

1. Open the SmartConsole application and connect to the Check Point 15000 firewall using your management credentials.

2. In the left-hand navigation pane, go to the "Policy" section.

3. Click on "Access Control" and then "Policy" on the right-hand pane.

4. Create a new "Layer" or use an existing one to add the block rule.

5. Click on "Add Rule" and then define the rule properties, such as the Source, Destination, Service, etc.

6. In the "Source" field, click on the "..." button to open the "Edit Source" window.

7. Click on "New" to create a new "Address Range" object, and then paste or import the list of IP addresses from the blocklist.txt file.

8. Once the address range object is created, select it as the source in the rule.

9. Complete the rule configuration and click "OK" to save the rule.

10. Install the policy to apply the changes to the Check Point firewall.

Using the SmartConsole provides a more user-friendly approach, but for such a large number of IP addresses, it might be more convenient to use the CLI and import the addresses from a text file. MyLabCorp.com

Remember that blocking a large number of IP addresses can have a performance impact on the firewall, so make sure to test and monitor the performance after implementing the changes.

0 Kudos
PhoneBoy
Admin
Admin

With that many IPs, you should most definitely be on R81.20 and use the Network Feeds option.
See: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SecurityManagement_AdminGuid... 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    CheckMates Events