sunhux

<div>
&gt;Paloalto uses Minemeld<br />
Thanks but I'll need it for CheckPoint.<br />
Btw, Darin, what was the firewall brand &amp;&nbsp;model that you use that previously<br />
you mentioned blocked 300mil CHina IP?<br />
<br />
David, can Fail2ban work for CheckPoint or any other firewalls (eg: Fortigate)?
</div>


<div>
I’ve done it with Paloalto recently<br />
But also Juniper and Fortigate<br />
<br />
Ps the Minemeld that Palo built is now kinda independent.....<br />
Not really run directly by them ...managed by a group of folks<br />
<br />
So you can download the MineMeld tool and use it for any brand that can except a feed from a txt file
</div>


<div>
Darin, what's the brand/model of the firewall that you used to block 300mil China IP without performance impact?<br />
<br />
Btw, I'm referring to links below when referring to scripting/command but reckon MineMeld could probably do it easier?<br />
<a href="https://sc1.checkpoint.com/documents/R77/CP_R77_Multi-DomainSecurityManagement_WebAdminGuide/105997.htm" rel="ugc">https://sc1.checkpoint.com/documents/R77/CP_R77_Multi-DomainSecurityManagement_WebAdminGuide/105997.htm</a><br />
<a href="https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Creating-Firewall-Rules-per-CLI/td-p/16366" rel="ugc">https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Creating-Firewall-Rules-per-CLI/td-p/16366</a>
</div>


<div>
Hi,<br />
<br />
here is a useful <a href="https://isc.sans.edu/block.txt" rel="ugc">list</a> you can use which is updated on a daily basis.<br />
<br />
Cheers
</div>


<div>
Not familiar with Check Point, but if it has a CLI, then you should be able to script it. To the firewall it will look like somebody is manually entering everything, but using a bash shell script and expect from a Linux box.<br />
<br />
I can't remember the details, but I know RANCID &nbsp;(<a href="https://www.shrubbery.net/rancid/" rel="ugc">https://www.shrubbery.net/rancid/</a>) used scripts and expect to do various things to any network device (actually anything) that had CLI.<br />
<br />
expect allow you to logon to another box and issue command and wait for expected responses and issues more commands.<br />
<br />
In my simple mind:<br />
<br />
&nbsp; 1) You have a file with all the IP address you want to add to a &quot;block group&quot;.<br />
&nbsp; 2) You write a script that reads that file and creates a second file with all of the Checkpoint commands to add those addresses to the &quot;block group&quot;.<br />
&nbsp; 3) You have a expect script that then logs onto the firewall and reads and loops through the file created in step 2 to issue the commands.
</div>


<div>
<div class="content wysiwyg-content">
I know an ex-colleague has a way at command line (script or whatever) to automate<br />
adding of IP to block malicious IP for Nokia Checkpoint : that's years ago.<br />
<br />
My current network colleague says it's very tedious to add IP as he has to create<br />
object, then go into another screen to add it to a group &amp;&nbsp;we often get 100-700<br />
IP from threat Intel (from a cyber regulator): &nbsp;is there a way to automate to mass<br />
block it for CheckPoint &nbsp;Security Gateway 12600?? &nbsp; &nbsp; Isn't there a way to get to<br />
SG12600's Unix command prompt &amp;&nbsp;write a script to automate?<br />
<br />
<br />
For sure Linux iptables, we can do it easily by Shell script.<br />
<br />
Heard Palo Alto has an interface to add IP en masse but my network guy says<br />
CheckPoint (&amp; possibly Fortigate) don't.
</div>
</div>


I know an ex-colleague has a way at command line (script or whatever) to automate
adding of IP to block malicious IP for Nokia Checkpoint : that's years ago.

My current network colleague says it's very tedious to add IP as he has to create
object, then go into another screen to add it to a group & we often get 100-700
IP from threat Intel (from a cyber regulator):  is there a way to automate to mass
block it for CheckPoint  Security Gateway 12600??     Isn't there a way to get to
SG12600's Unix command prompt & write a script to automate?


For sure Linux iptables, we can do it easily by Shell script.

Heard Palo Alto has an interface to add IP en masse but my network guy says
CheckPoint (& possibly Fortigate) don't.

Automated way/script to add hundreds of IP to block in Checkpoint SG 12600

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.

Hardware Firewalls

The term 'shell' refers to a general class of text-based command interpreters most often associated with the UNIX and Linux operating systems. Popular shells include Bourne, Debian Almquist (dash), Korn (ksh), Bourne Again (bash) and the C shell family (csh). Some view the DOS 'cmd' prompt as a minimal shell of sorts. It is also possible to install Cygwin on Windows and emulate a full Unix environment with complete shell capabilities. Terminal emulators, such as xterm, GNOME Terminal and OS X Terminal, can be used to access shell.

Shell Scripting

Networking is the process of connecting computing devices, peripherals and terminals together through a system that uses wiring, cabling or radio waves that enable their users to communicate, share information and interact over distances. Often associated are issues regarding operating systems, hardware and equipment, cloud and virtual networking, protocols, architecture, storage and management.

Networking

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.