This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
80fd220b-e3b5-4
Explorer
‎2022-02-25 07:55 AM

block ip addresses

Hi Guys,

I have a couple of R81 firewalls and a management R81.10. I need to block a lot of malware ip addresses (almost 50) and I would like to know what is the best way, if creating a Block Access Control Policy rule with that ip as Desination or use "Custom Policy Tools" --> "Indicators".


thanks a lot
Emiliano

0 Kudos
4 Replies
CE_SE
Employee Alumnus
Employee Alumnus
‎2022-02-25 11:21 AM

See this topic for potential solution to your problem. 

 

https://community.checkpoint.com/t5/General-Topics/Blacklisting-rogue-IPs/m-p/141123#M25006

 

the_rock
Legend
Legend
‎2022-02-25 11:43 AM

Hi Emiliano,

You can aso check out below discussion we had recently about it:

https://community.checkpoint.com/t5/Security-Gateways/BLOCK-BAD-REPUTATION-IPS-IN-A-DYNAMIC-WAY/m-p/...

Andy

0 Kudos
80fd220b-e3b5-4
Explorer
‎2022-02-25 12:13 PM
In response to the_rock

thank you all for the answer.

In my case, I have a static list of IPs, about 50, I could block the access towards them using "indicators" features, for example. Looking at your advices there are different ways to do that, but I would like to know pro and cons of them knowing I have gateway with R81.

thanks

Emiliano

0 Kudos
Nüüül
Advisor
Advisor
‎2022-02-26 12:11 AM
In response to 80fd220b-e3b5-4

In case they are changing from time to time you could use the script initially meant to Import o365 objects. 
https://github.com/CheckPointSW-Community/IPaddressFeed2CheckPoint

you should just Need to put your IPList to i.e. a web server and change the source in the script(besides some variables).

Outcome is than a group with network objects you can use in policies and so on.

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Tue 07 Oct 2025 @ 09:30 AM (CEST)

    CheckMates Live Denmark!
    CheckMates Events