This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ryan_St__Germai
Advisor
‎2017-11-27 05:39 AM

DShield Blocklist download failing

Anyone else having issues with their gateways downloading the DShield block list? Appears the SSL cert for the website was re-issued/renewed last week, which is most likely the culprit.

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2017-11-29 05:08 PM

Have you, by chance, contacted the TAC about this?

Contact Support | Check Point Software 

0 Kudos
Ryan_St__Germai
Advisor
‎2017-11-29 06:49 PM
In response to PhoneBoy

I have. This happens very frequently and there is an SK with the past issues documented. Majority of which are related to the DShield certificate. It usually takes a month or two for R&D to fix the problem. They first say no one has reported an issue, most likely because a lot of ppl do not forward their gateways syslog to a SIEM. The best way to really tell if the feed is failing is if you look at the systems OS logs.

We are planning on foregoing the Dshield IPS rule. Instead we will import the blocklist automatically with the checkpoint threat feed script that utilizes Sam rules. This will pull from a local server that pulls the Dshield list from the Dshield website.

Ryan St. Germain

- From Mobile

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top