- Products
- Learn
- Local User Groups
- Partners
- More
Check Point Jump-Start Online Training
Now Available on CheckMates for Beginners!
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
The SMB Cyber Master
Boost your knowledge on Quantum Spark SMB gateways!
Check Point's Cyber Park is Now Open
Let the Games Begin!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
Hi Guys,
I have a couple of R81 firewalls and a management R81.10. I need to block a lot of malware ip addresses (almost 50) and I would like to know what is the best way, if creating a Block Access Control Policy rule with that ip as Desination or use "Custom Policy Tools" --> "Indicators".
thanks a lot
Emiliano
See this topic for potential solution to your problem.
https://community.checkpoint.com/t5/General-Topics/Blacklisting-rogue-IPs/m-p/141123#M25006
Hi Emiliano,
You can aso check out below discussion we had recently about it:
Andy
thank you all for the answer.
In my case, I have a static list of IPs, about 50, I could block the access towards them using "indicators" features, for example. Looking at your advices there are different ways to do that, but I would like to know pro and cons of them knowing I have gateway with R81.
thanks
Emiliano
In case they are changing from time to time you could use the script initially meant to Import o365 objects.
https://github.com/CheckPointSW-Community/IPaddressFeed2CheckPoint
you should just Need to put your IPList to i.e. a web server and change the source in the script(besides some variables).
Outcome is than a group with network objects you can use in policies and so on.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY