Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Ryan_St__Germai
Advisor

DShield Blocklist download failing

Anyone else having issues with their gateways downloading the DShield block list? Appears the SSL cert for the website was re-issued/renewed last week, which is most likely the culprit.

0 Kudos
2 Replies
PhoneBoy
Admin
Admin

Have you, by chance, contacted the TAC about this?

Contact Support | Check Point Software 

0 Kudos
Ryan_St__Germai
Advisor

I have. This happens very frequently and there is an SK with the past issues documented. Majority of which are related to the DShield certificate. It usually takes a month or two for R&D to fix the problem. They first say no one has reported an issue, most likely because a lot of ppl do not forward their gateways syslog to a SIEM. The best way to really tell if the feed is failing is if you look at the systems OS logs.

We are planning on foregoing the Dshield IPS rule. Instead we will import the blocklist automatically with the checkpoint threat feed script that utilizes Sam rules. This will pull from a local server that pulls the Dshield list from the Dshield website.

Ryan St. Germain

- From Mobile

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events