Antonis_Hassiot
Contributor

Problem with fetching Malicious IP feeds using sk103154

Hi,

Trying to block incoming traffic from Malicious IPs using: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

This is Section [3] How to block traffic from custom IP feeds (managed from Management Server)

It seems to work ok for: https://secureupdates.checkpoint.com/IP-list/TOR.txt as I can see the following output on the Gateway:

operation=add uid=<5f85babb,000005d7,f102020a,0000132f> target=all timeout=3575 action=drop log=log comment=threatcloud_ip_block service=any source=range:199.249.230.165 pkt-rate=0 req_type=quota
operation=add uid=<5f85babb,000005d9,f102020a,0000132f> target=all timeout=3575 action=drop log=log comment=threatcloud_ip_block service=any source=range:199.249.230.167 pkt-rate=0 req_type=quota
operation=add uid=<5f85babb,000005da,f102020a,0000132f> target=all timeout=3575 action=drop log=log comment=threatcloud_ip_block service=any source=range:158.69.63.54 pkt-rate=0 req_type=quota

when issuing: fw samp get | grep threatcloud_ip_block

Subsequently I have tried adding other feeds in there, but I don't see any new rules created as above. Examples:

http://www.talosintelligence.com/documents/ip-blacklist

https://api.blocklist.de/getlast.php?time=600

Any idea on how to troubleshoot this?

0 Kudos
Reply
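
One way to narrow down the question above, as an added example that is not part of the original post and not code from sk103154: compare a downloaded copy of a feed with saved `fw samp get` output to see which feed addresses have a `threatcloud_ip_block` rule and how many feed lines are not bare IPv4 addresses. The function names, file names and the one-address-per-line feed format are assumptions, and the check generalizes the post's `grep` to any rule comment.

```shell
#!/bin/sh
# Added example, not Check Point's script. Compares a downloaded feed with
# the rules listed in saved "fw samp get" output (format as quoted in the post).

# Source addresses of all rules that carry comment=$2 in the saved output $1.
samp_sources() {
    awk -v c="comment=$2" '{
        hit = 0; src = ""
        for (i = 1; i <= NF; i++) {
            if ($i == c) hit = 1
            if ($i ~ /^source=range:/) src = substr($i, 14)
        }
        if (hit && src != "") print src
    }' "$1" | sort -u
}

# Feed entries that are bare IPv4 addresses (assumed format: one per line).
feed_ips() {
    tr -d '\r' < "$1" | awk 'NF == 0 || $1 ~ /^#/ { next }
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $1 }' | sort -u
}

# Number of feed lines that are neither blank, comments, nor bare IPv4.
feed_unparsed() {
    tr -d '\r' < "$1" | awk 'NF == 0 || $1 ~ /^#/ { next }
        $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { n++ }
        END { print n + 0 }'
}

# Feed addresses with no matching rule: $1 = samp output, $2 = feed, $3 = comment.
feed_missing() {
    tmp=$(mktemp) || return 1
    samp_sources "$1" "$3" > "$tmp"
    feed_ips "$2" | comm -23 - "$tmp"
    rm -f "$tmp"
}

# Constructed sample data: two rule lines from the post, plus a made-up feed.
write_samples() {
    cat > "$1/samp.txt" <<'EOF'
operation=add uid=<5f85babb,000005d7,f102020a,0000132f> target=all timeout=3575 action=drop log=log comment=threatcloud_ip_block service=any source=range:199.249.230.165 pkt-rate=0 req_type=quota
operation=add uid=<5f85babb,000005da,f102020a,0000132f> target=all timeout=3575 action=drop log=log comment=threatcloud_ip_block service=any source=range:158.69.63.54 pkt-rate=0 req_type=quota
EOF
    printf '# constructed feed\r\n199.249.230.165\r\n192.0.2.10\r\n198.51.100.0/24\r\n' > "$1/feed.txt"
}
```

A large `feed_unparsed` count means the feed is not in the one-address-per-line form this check assumes; a non-empty `feed_missing` list shows parsed addresses that never became rules.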
2 Replies
PhoneBoy
Admin

Are you using ioc_feeds or something else?

0 Kudos
Reply
Antonis_Hassiot
Contributor

I am using the method described in sk103154 Section 3. Not using ioc_feeds commands but scripts. 

0 Kudos
Reply