
Check Point Firewall VP1 Rule Addition?

Status
Not open for further replies.

mcse63

MIS
Jan 7, 2003
44
US
Hello,

I need information on the proper procedure to create a rule/policy to block IP addresses from accessing my network. I have a Check Point firewall with VPN. Currently I have come under attack from the Asian Pacific network and would like to add a rule/policy or whatever it is that I have to do to stop this. I have no book for this and the help file within Check Point is not the greatest. I have never dealt with Check Point before, so please be as detailed and thorough as you possibly can.

Thanks in advance for your response
 
Are you trying to block a specific network range (i.e. you know the IP addresses) or are you trying to block the whole of the Asian Pacific?
 
I am trying to block a specific network range; if that doesn't work, then the whole Pacific.
 
create a network object for the network range you want to block.

then create a rule
source - dest - service - action - log
network - any - any - drop - log
 
Piloria,

I appreciate your response and forgive my ignorance, but could you be more specific and detailed in the process? For example, let's say I wanted to block 213.0.0.0 - 213.255.255.255. How would I go about this step by step?

Thanks for all your help thus far
 
You haven't specified your FW version, so I will give you NG instructions (I'm not running 4.1 so I couldn't give you specifics).

Manage - Network objects - new - network
Name - Blocked_Network
Network address - 213.0.0.0
Net Mask - 255.0.0.0
Colour - red (I use red for anything I am blocking; it is a good idea to try and use colour to help with rules, but it makes no difference to the rules)

Within your rules, between your stealth rule
source - dest - service - action - log
any - firewall - any - drop - log

and your catch all rule (last rule)
any - any - any - drop - log

add a new rule
Blocked_Network - any - any - drop - log


If you are planning on doing this with a few networks, then I would change this slightly: I would create a group called blocked_networks.


Manage - Network objects - new - group - simple group

Name- Blocked_works
Add in the network(s) you have created as per my instructions before

Then in the rule you create, use the blocked networks group rather than the individual network (this allows you to have multiple networks blocked but only one rule).
 
Oops, sorry for the spelling.
The group should be Blocked_networks.
I would also change the individual networks you create to
Blocked_network_1
Blocked_network_2

you can be creative but it simplifies reading this way.
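To show why the reply puts the new rule between the stealth rule and the catch-all, here is an added example (not from the thread or from Check Point) that models the objects and the first-match rulebase in Python. The gateway, web server and second blocked range addresses are constructed for illustration; the "http" service name and the rule shape (source - dest - service - action) are assumptions.

```python
import ipaddress

# Constructed objects in the shape of the reply above; all addresses are examples.
NETWORK_OBJECTS = {
    "firewall": ipaddress.ip_network("198.51.100.1/32"),          # assumed gateway
    "webserver": ipaddress.ip_network("198.51.100.10/32"),        # assumed internal host
    "Blocked_network_1": ipaddress.ip_network("213.0.0.0/8"),     # 213.0.0.0 / 255.0.0.0
    "Blocked_network_2": ipaddress.ip_network("203.0.113.0/24"),  # constructed second range
}
# "simple group" holding the blocked networks, so one rule covers all of them
GROUPS = {"Blocked_networks": ["Blocked_network_1", "Blocked_network_2"]}

# Rulebase in the order the reply describes: stealth rule, block rule, normal rules, catch-all
RULEBASE = [
    ("any", "firewall", "any", "drop"),           # stealth rule
    ("Blocked_networks", "any", "any", "drop"),   # new rule, between stealth and catch-all
    ("any", "webserver", "http", "accept"),       # constructed permit rule
    ("any", "any", "any", "drop"),                # catch-all (cleanup) rule, always last
]


def resolve(obj):
    """Expand 'any', a group name or a network object into a list of networks."""
    if obj == "any":
        return [ipaddress.ip_network("0.0.0.0/0")]
    if obj in GROUPS:
        return [NETWORK_OBJECTS[member] for member in GROUPS[obj]]
    return [NETWORK_OBJECTS[obj]]


def first_match(rulebase, src, dst, service):
    """Return (rule number, action) of the first rule matching the packet.

    Rule numbers start at 1 as in the policy editor; (None, None) if nothing matched.
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, (rsrc, rdst, rsvc, action) in enumerate(rulebase, start=1):
        if (any(src_ip in net for net in resolve(rsrc))
                and any(dst_ip in net for net in resolve(rdst))
                and rsvc in ("any", service)):
            return number, action
    return None, None


if __name__ == "__main__":
    print(first_match(RULEBASE, "213.10.20.30", "198.51.100.10", "http"))  # (2, 'drop')
    print(first_match(RULEBASE, "192.0.2.5", "198.51.100.10", "http"))     # (3, 'accept')
```

Swapping the block rule below the permit rule makes the same 213.x source hit the accept rule first, which is the ordering mistake the placement advice above prevents.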
 