Timothy_Hall
You can't directly block UDP/TCP port 500 in the main Network/Firewall policy because it is allowed in the implied rules which are always "first"; it has to be initially allowed then later denied by vpnd as an invalid peer.  The only way to change this is to modify the implied rules settings in the Global Properties, but this is a great way to cause all kinds of nasty problems with basic firewall functionality and is NOT recommended.

I would suggest putting this attacking IP address in the SecureXL blacklist or in a SAM rule (sk112454: How to configure Rate Limiting rules for DoS Mitigation (R80.20 and newer)), which would kill the traffic before it is even able to reach the first implied rules.  Or you could simply block that entire country with Geo Policy since it is applied prior to the first implied rules.  Geo Updatable Objects are referenced after the first implied rules, so you'll need to use Geo Policy instead of Geo Updatable Objects for blocking the attacker in this specific case.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com