This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
panda7zip
Explorer
‎2019-04-15 12:02 AM

Checkpoint r80.10 block ip feed and send logs to rsyslog server

Hello! Could you help me please? i'm testing checkpoint security gateway with gaia 80.10. I have ip feed which is updating every few hours and want to block ips from this feed. 
I already configured checkpoint with nat, created host behind nat with local ip and tried to make what i need with this article:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
but i cant download scripts cause i dont have valid subscriptions, just want to test
i've done scripts like TOR blocking script but with my own ip feed and url.
samp policy adds my ip feed but checkpoint not blocking those ips and no logs about deny or allow traffic  in smartview and smartconsole. 

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2019-04-17 05:56 AM

fw samp only generates logs when it drops traffic.
But if you're generating your own IOC feed, you should be using the Custom Intelligence Feeds option: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
0 Kudos
panda7zip
Explorer
‎2019-04-18 07:59 AM
In response to PhoneBoy

Thank you, seems that it is what i need, but when i trying to install hotfix with ioc_feeds i got 

The package failed a pre-install validation at Thu Apr 18 16:01:00 2019
Reason of failure: The package is not compatible to install - A fix conflict was detected during pre-install validation.
To prevent system instability, installation will not continue.
Please contact Check Point support with the following information:

Package: Check_Point_R80.10_JHF_T121_Hotfix_sk132193_FULL.tgz
conflicts with the following hotfixes:

R80.10 Jumbo Hotfix Accumulator General Availability (Take 189)
R80_10_New_Image

For more information - see log files:
/opt/CPInstLog/CRSValidator_fw1_wrapper_R80_10_JHF_T121_564.log


 
 
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top