fwaccel dos ioc_deny

Description

The "fwaccel dos ioc_deny" (for IPv4) and "fwaccel6 dos ioc_deny" (for IPv6) commands control the IP addresses that are blocked by Threat Prevention IoC Feeds based on feed files.

In addition, see:

Important:

  • The Security Gateway uses these commands to enforce Threat Prevention IoC Feeds.

  • In a Cluster, you must configure all the Cluster Members in the same way.

  • On Scalable Platforms, you must connect to the applicable Security Group.

    On Scalable Platforms (ElasticXL, Maestro, Scalable Chassis), you must run the required commands only in this way:

    • On the Security Group command line, only on the SMO Security Group Member.

    • In the Global Gaia Clish (gclish), you must run these commands:

      • fwaccel dos <Options>

      • fwaccel6 dos <Options>

    • In the Expert mode, you must run these commands (they start with the "g_" prefix):

      • g_fwaccel dos <Options>

      • g_fwaccel6 dos <Options>

  • In the VSNext mode / Traditional VSX mode, you must go to the context of an applicable Virtual Gateway / Virtual System.

    • In Gaia Clish, run: set virtual-system <VSID>

    • In the Expert mode, run: vsenv <VSID>

Syntax

{fwaccel | fwaccel6} dos ioc_deny

      {-h | --help}

      {-c | --show-config}

      {-F | --flush}

      {-G | --set-log-drops} {on | off}

      {-R | --set-tcp-rst} {on | off}

      {-s | --show}

Parameters

Parameter | Description

-h | --help

    Shows the applicable built-in usage.

-c | --show-config

    Shows the current configuration.

-F | --flush

    Removes (flushes) all IP addresses from the IP deny-list.

    Important - Do not run this command unless Check Point Support explicitly asked you to do so.

-G {on | off} | --set-log-drops {on | off}

    Enables (on) or disables (off) the logging of packet drops.

    Notes:

      • By default, the Security Gateway generates the "Drop" logs for traffic that the DoS / Rate Limiting feature blocked.

      • By default, logging of packet drops is enabled.

-R {on | off} | --set-tcp-rst {on | off}

    Enables (on) or disables (off) sending a TCP [RST] packet in response to TCP connections that the IP deny-list blocked.

    Notes:

      • By default, SecureXL does not send the TCP [RST] packet for blocked TCP connections.

      • This change survives a reboot.

-s | --show

    Shows the IP addresses in the IP deny-list.

Example

[Expert@MyGW:0]# fwaccel dos ioc_deny -c
IOC deny list (from files):
    Status                            on (without policy)
    Internal Interfaces               on
    Monitor-Only                      off
    Log Drops                         on
    Send TCP Reset                    off

[Expert@MyGW:0]#
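The "-c" output above is the natural input for a configuration check: a defender wants to confirm that the deny list is enabled, that Drop logs are still generated, and, because all Cluster Members must be configured the same way, that no member has drifted (for example, a "-R on" change on one member survives a reboot and would persist as a difference). The following POSIX shell script is an added example, not part of the Check Point documentation or the fwaccel tool: it parses the documented sample output (embedded inline as constructed text), plus a second constructed output standing in for another Cluster Member, and reports findings. The function names (ioc_setting, ioc_review, ioc_config_pairs, ioc_configs_match) are this example's own, and the reading of "Monitor-Only on" as a non-enforcing state is an assumption, not something the page states.

```shell
#!/bin/sh
# Added example (not Check Point code): review "fwaccel dos ioc_deny -c" output.
# On a gateway you would feed the live output instead of the constructed samples:
#   ioc_review "$(fwaccel dos ioc_deny -c)"

# Constructed sample A: the "-c" output shown in the documentation's Example.
SAMPLE_CONFIG='IOC deny list (from files):
    Status                            on (without policy)
    Internal Interfaces               on
    Monitor-Only                      off
    Log Drops                         on
    Send TCP Reset                    off'

# Constructed sample B: a hypothetical second Cluster Member where someone ran
# "fwaccel dos ioc_deny -R on"; used only to demonstrate drift detection.
MEMBER_B_CONFIG='IOC deny list (from files):
    Status                            on (without policy)
    Internal Interfaces               on
    Monitor-Only                      off
    Log Drops                         on
    Send TCP Reset                    on'

# ioc_setting <config-text> <setting-name>
# Prints the first word of the setting's value, e.g. "on" for
# "Status                            on (without policy)".
ioc_setting() {
    printf '%s\n' "$1" | awk -v name="$2" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)            # drop leading indentation
            if (index(line, name " ") == 1) {   # line starts with the setting name
                value = substr(line, length(name) + 1)
                sub(/^[ \t]+/, "", value)       # drop the column gap
                split(value, parts, " ")        # keep the first word only
                print parts[1]
                exit
            }
        }'
}

# ioc_review <config-text>
# Returns 0 when the deny list is enforcing and drops are logged; otherwise
# prints one FINDING line per problem and returns 1.
ioc_review() {
    cfg=$1
    rc=0
    [ "$(ioc_setting "$cfg" "Status")" = "on" ] ||
        { echo "FINDING: IoC deny list is not enabled (Status is not on)"; rc=1; }
    # Assumption of this example: Monitor-Only "on" means the list is not enforcing.
    [ "$(ioc_setting "$cfg" "Monitor-Only")" = "off" ] ||
        { echo "FINDING: Monitor-Only is on; review whether the deny list is enforcing"; rc=1; }
    [ "$(ioc_setting "$cfg" "Log Drops")" = "on" ] ||
        { echo "FINDING: Log Drops is off; blocked traffic produces no Drop logs"; rc=1; }
    return $rc
}

# ioc_config_pairs <config-text>
# Normalises every setting line to "Name=firstword" so two members can be diffed.
ioc_config_pairs() {
    printf '%s\n' "$1" | awk '
        NR > 1 && /^[ \t]/ {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t][ \t]+/)      # first run of 2+ spaces = column gap
            if (n > 0) {
                name = substr(line, 1, n - 1)
                value = substr(line, n)
                sub(/^[ \t]+/, "", value)
                split(value, parts, " ")
                print name "=" parts[1]
            }
        }'
}

# ioc_configs_match <config-text-A> <config-text-B>
# Returns 0 when both members report identical settings.
ioc_configs_match() {
    [ "$(ioc_config_pairs "$1")" = "$(ioc_config_pairs "$2")" ]
}

# Usage: review member A, then compare it with member B.
ioc_review "$SAMPLE_CONFIG" && echo "ioc_deny configuration on this member looks OK"
ioc_configs_match "$SAMPLE_CONFIG" "$MEMBER_B_CONFIG" ||
    echo "WARNING: Cluster Members differ; configure all members in the same way"
```

Run it on the SMO Security Group Member or inside the relevant Virtual System context, as the page requires, and replace the constructed samples with the live "-c" output of each member; the normalised "Name=value" lines from ioc_config_pairs are also convenient to ship to a configuration-monitoring system.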