This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Scott_Paisley
Advisor
‎2021-05-18 05:39 AM
Jump to solution

fw samp stopped working

I have a ticket open, but thought I would ask here also...

We have been using the ip blocklist feature from sk103154 across all our gateways for some time, and it was working great. Today I found it is not working as expected.

We run the script on the management station every day to enable the feature on the remote gateways, and we have a list of feeds that we use.

One of them is a custom list we maintain.

When I run the script, I get this response from the gateway

ip_block: Malicious IP blocking mechanism is ON

which is the expected result, but when I run the command

fw samp get | grep threatcloud_ip_block | grep 185.53.179.28

I get no result

the log on the gateway says this

Tue May 18 07:58:08 -04 2021 update_feeds
Tue May 18 07:58:08 -04 2021 updating https://xxxx/blacklist.txt
Tue May 18 07:58:08 -04 2021 Not using proxy
Tue May 18 07:58:09 -04 2021 LAST_UPDATE = Last-Modified:Tue18May202111:28:55GMT
Tue May 18 07:58:09 -04 2021 last_update new = Last-Modified:Tue18May202111:28:55GMT
Tue May 18 07:58:09 -04 2021 last_update old = Last-Modified:Tue18May202111:28:55GMT
Tue May 18 07:58:09 -04 2021 old_timeout = 1621337889
Tue May 18 07:58:09 -04 2021 new_timeout_sec = 1621339089
Tue May 18 07:58:09 -04 2021 file name = /opt/CPsuite-R80.40/fw1/database/httpsxxxxblacklisttxt
Tue May 18 07:58:09 -04 2021 last_update_delta = 1260
Tue May 18 07:58:09 -04 2021 samp_rule_timeout = 3600
Tue May 18 07:58:09 -04 2021 samp_delta = 2400
Tue May 18 07:58:09 -04 2021 https://xxxx/blacklist.txt: feed is up to date

and if I CAT the file I see this

add -a d -l r -t 3600 -c threatcloud_ip_block quota service any source range:45.61.138.171 pkt-rate 0
add -a d -l r -t 3600 -c threatcloud_ip_block quota service any source range:45.84.0.127 pkt-rate 0
add -a d -l r -t 3600 -c threatcloud_ip_block quota service any source range:212.109.221.205 pkt-rate 0
add -a d -l r -t 3600 -c threatcloud_ip_block quota service any source range:185.243.214.107 pkt-rate 0
add -a d -l r -t 3600 -c threatcloud_ip_block quota service any source range:104.247.81.52 pkt-rate 0
add -a d -l r -t 3600 -c threatcloud_ip_block quota service any source range:99.83.154.118 pkt-rate 0
add -a d -l r -t 3600 -c threatcloud_ip_block quota service any source range:185.53.177.31 pkt-rate 0
add -a d -l r -t 3600 -c threatcloud_ip_block quota service any source range:185.53.178.30 pkt-rate 0
add -a d -l r -t 3600 -c threatcloud_ip_block quota service any source range:185.53.179.28 pkt-rate 0

which includes the entry I am looking for

Also if I run the command locally, it works

fw samp add -a d -l r -t 3600 -c threatcloud_ip_block quota service any source range:185.53.179.28 pkt-rate 0

fw samp get | grep threatcloud_ip_block | grep 185.53.179.28

operation=add uid=<60a3b4ca,00000000,058ec3a1,000052d4> target=all timeout=3578 action=drop log=log comment=threatcloud_ip_block service=any source=range:185.53.179.28 pkt-rate=0 req_type=quota

Any ideas?

Thanks

10 Replies
This widget could not be displayed.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    Virtual

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82
    Virtual

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Thu 25 Apr 2024 @ 10:00 AM (CEST)

    The Anatomy of a Cloud Hack by NotSoSecure - EMEA Session

    Thu 25 Apr 2024 @ 06:00 PM (IDT)

    The Anatomy of a Cloud Hack by NotSoSecure - America Session
    Virtual

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap
    Virtual

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    Virtual

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82
    Virtual

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap
    Virtual

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap
    Virtual

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    Virtual

    Thu 02 May 2024 @ 04:00 PM (CEST)

    CheckMates Live DACH - Keine Kompromisse - Sicheres SD-WAN
    Virtual

    Thu 02 May 2024 @ 05:00 PM (CEST)

    SASE Masters: Deploying Harmony SASE for a 6,000-Strong Workforce in a Single Weekend
    CheckMates Events