This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
80fd220b-e3b5-4
Explorer
‎2022-02-25 07:55 AM

block ip addresses

Hi Guys,

I have a couple of R81 firewalls and a management R81.10. I need to block a lot of malware ip addresses (almost 50) and I would like to know what is the best way, if creating a Block Access Control Policy rule with that ip as Desination or use "Custom Policy Tools" --> "Indicators".


thanks a lot
Emiliano

0 Kudos
4 Replies
CE_SE
Employee
Employee
‎2022-02-25 11:21 AM

See this topic for potential solution to your problem. 

 

https://community.checkpoint.com/t5/General-Topics/Blacklisting-rogue-IPs/m-p/141123#M25006

 

the_rock
Champion
Champion
‎2022-02-25 11:43 AM

Hi Emiliano,

You can aso check out below discussion we had recently about it:

https://community.checkpoint.com/t5/Security-Gateways/BLOCK-BAD-REPUTATION-IPS-IN-A-DYNAMIC-WAY/m-p/...

Andy

0 Kudos
80fd220b-e3b5-4
Explorer
‎2022-02-25 12:13 PM
In response to the_rock

thank you all for the answer.

In my case, I have a static list of IPs, about 50, I could block the access towards them using "indicators" features, for example. Looking at your advices there are different ways to do that, but I would like to know pro and cons of them knowing I have gateway with R81.

thanks

Emiliano

0 Kudos
Nüüül
Advisor
‎2022-02-26 12:11 AM
In response to 80fd220b-e3b5-4

In case they are changing from time to time you could use the script initially meant to Import o365 objects. 
https://github.com/CheckPointSW-Community/IPaddressFeed2CheckPoint

you should just Need to put your IPList to i.e. a web server and change the source in the script(besides some variables).

Outcome is than a group with network objects you can use in policies and so on.

 

0 Kudos