Create a Post
Showing results for 
Search instead for 
Did you mean: 

CheckPoint IPS - Automatically Block IP when a specific signature is triggered



I would like to ask if it's possible to set up a setting for specific Protections that allows to automatically block the IP that triggered a specific Protection, like for example for Scans - we would like to be able to automatically block IP's that triggered specific scanning signatures - as in adding them to a blacklist temporarily or until someone removes the ip from it, is that possible?

0 Kudos
1 Reply

If you have a SmartEvent license you can do that pretty easily. You have to create a Event definition with the Protection you want to trigger:


In our case this was used for the Log4j issue. With the automatic reactions you can block the IP for a desired time (max. 4 weeks I believe). 


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events