Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
80fd220b-e3b5-4
Explorer

block ip addresses

Hi Guys,

I have a couple of R81 firewalls and a management R81.10. I need to block a lot of malware ip addresses (almost 50) and I would like to know what is the best way, if creating a Block Access Control Policy rule with that ip as Desination or use "Custom Policy Tools" --> "Indicators".


thanks a lot
Emiliano

0 Kudos
4 Replies
CE_SE
Employee
Employee

See this topic for potential solution to your problem. 

 

https://community.checkpoint.com/t5/General-Topics/Blacklisting-rogue-IPs/m-p/141123#M25006

 

the_rock
Champion
Champion

Hi Emiliano,

You can aso check out below discussion we had recently about it:

https://community.checkpoint.com/t5/Security-Gateways/BLOCK-BAD-REPUTATION-IPS-IN-A-DYNAMIC-WAY/m-p/...

Andy

0 Kudos
80fd220b-e3b5-4
Explorer

thank you all for the answer.

In my case, I have a static list of IPs, about 50, I could block the access towards them using "indicators" features, for example. Looking at your advices there are different ways to do that, but I would like to know pro and cons of them knowing I have gateway with R81.

thanks

Emiliano

0 Kudos
Nüüül
Advisor

In case they are changing from time to time you could use the script initially meant to Import o365 objects. 
https://github.com/CheckPointSW-Community/IPaddressFeed2CheckPoint

you should just Need to put your IPList to i.e. a web server and change the source in the script(besides some variables).

Outcome is than a group with network objects you can use in policies and so on.

 

0 Kudos