This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
K_montalvo
Advisor
‎2022-02-15 12:49 PM

BLOCK BAD REPUTATION IPS IN A DYNAMIC WAY

Jump to solution

Hello experts,

Kindly guide me if its possible to have like a rule, blade or external connector or any recommended configuration in order to have protection on the Gateway perimeter  to block malicious reported IP address range like botnets, hackers etc? This is with the purpose to reduce having to create objects and manually applied to specific existing block rule on the network access layer.

Thanks!

0 Kudos
2 Solutions

Accepted Solutions
Chris_Atkinson
Employee
Employee
‎2022-02-15 03:32 PM

Jump to solution

ioc_feeds, available natively in R81 SmartConsole - refer sk132193.

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_ThreatPrevention_AdminGuide/Topics...

Other options exist depending on your enabled blades and might leverage dynamic / imported objects (sk167210) or the available APIs.

View solution in original post

the_rock
Champion
Champion
‎2022-02-15 04:15 PM

Jump to solution

Hey bro,

What I always do is use below link, get all IPs from the txt file, slap it in .csv file, import in mgmt, create a rule with group object containing the file you import and thats it.

Andy

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Chassis_AdminGuide/Topics-Chassis-...

You can also use below sites to confirm if site might be malicious.

https://www.virustotal.com/gui/home/upload

https://www.urlvoid.com

View solution in original post

2 Replies
Chris_Atkinson
Employee
Employee
‎2022-02-15 03:32 PM

Jump to solution

ioc_feeds, available natively in R81 SmartConsole - refer sk132193.

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_ThreatPrevention_AdminGuide/Topics...

Other options exist depending on your enabled blades and might leverage dynamic / imported objects (sk167210) or the available APIs.

the_rock
Champion
Champion
‎2022-02-15 04:15 PM

Jump to solution

Hey bro,

What I always do is use below link, get all IPs from the txt file, slap it in .csv file, import in mgmt, create a rule with group object containing the file you import and thats it.

Andy

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Chassis_AdminGuide/Topics-Chassis-...

You can also use below sites to confirm if site might be malicious.

https://www.virustotal.com/gui/home/upload

https://www.urlvoid.com