panda7zip
Explorer

Checkpoint r80.10 block ip feed and send logs to rsyslog server

Hello! Could you help me, please? I'm testing a Check Point security gateway with Gaia 80.10. I have an IP feed which is updated every few hours, and I want to block the IPs from this feed.
I already configured the Check Point gateway with NAT, created a host behind NAT with a local IP, and tried to do what I need using this article:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
but I can't download the scripts because I don't have valid subscriptions; I just want to test.
I've made scripts like the TOR blocking script, but with my own IP feed and URL.
The samp policy adds my IP feed, but Check Point is not blocking those IPs, and there are no logs about denied or allowed traffic in SmartView and SmartConsole.

2 Replies
PhoneBoy
Admin

fw samp only generates logs when it drops traffic.
But if you're generating your own IOC feed, you should be using the Custom Intelligence Feeds option: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
panda7zip
Explorer

Thank you, it seems that this is what I need, but when I try to install the hotfix with ioc_feeds I get:

The package failed a pre-install validation at Thu Apr 18 16:01:00 2019
Reason of failure: The package is not compatible to install - A fix conflict was detected during pre-install validation.
To prevent system instability, installation will not continue.
Please contact Check Point support with the following information:

Package: Check_Point_R80.10_JHF_T121_Hotfix_sk132193_FULL.tgz
conflicts with the following hotfixes:

R80.10 Jumbo Hotfix Accumulator General Availability (Take 189)
R80_10_New_Image

For more information - see log files:
/opt/CPInstLog/CRSValidator_fw1_wrapper_R80_10_JHF_T121_564.log


 
 