Threat Prevention has an option to add custom indicators from R77.20 and above. However, 61000 versions are R76SP.X. Does 61000 support the deployment of custom indicators in any version? We are running 61000 in R76SP.40 in VSX mode.
The next major release for the Scalable Platforms is expected to be based on R80 and thus should support this functionality.
Meanwhile, I would engage with your Check Point SE to discuss your specific requirements to see what can be done in the meantime.
Gera Dorfman, can't it be done maybe with a custom sig (Snort?)?
As Dameon mentioned, we plan to align the feature set of Scalable Platform with R80.X.
Regarding the specific requirement, we need to understand which exact indicators are planned and see if meanwhile it can be achieved with SNORT.
Hi Gera, we are looking for simple IOC blocking with MD5 or IP address for prevention using Threat Indicators. Sample is shown below:
You may be able to leverage Private ThreatCloud to do the file hashes today, not 100% sure on IPs.
Either way, I recommend engaging your Check Point SE.
SNORT rules would be tricky and not optimal for such a requirement.
Meanwhile you can use the Fast Packet Drop feature - note that the configuration is on the gateway and not on the management.
Check the Fast Packet Drop feature in the 61k Admin Guide.
In any case, please engage your Check Point SE.