how to enable ThreatStop on CP

[kidem]

Ok im never used a dynamic object not sure if it goes into a rule or what here is what Dshield says about it:

" Checkpoint has an unusual way of using DNS lookups in a rule. They do a reverse (PTR) lookup on each connection and do a right-string match on the return. This is not how ThreatSTOP works, and could seriously overload any firewall that has a lot of entropy in connecting hosts. We plan on revisiting this to see if we can create a dynamic object script that will work. In the meantime, if you have Checkpoint, you can use the Storm Center dynamic object to block at least some of the threats we do."


so anyone know what i i do here?

[gavvys]

Hi
As I know about the Dshield object, we need to create a rule in the rulebase as given below:
Source:Dshield Object
Dest:Your network
action: drop
Log: enabled

Storm Center is the organisation that has the black listed IP's and it helps to block the attacks to your network.Also you need to send the logs to Storm Center so that they can get more information about the blacklisted IP's.

I hope this will help you.

Regards

[kidem]

I enabled that rule and i get this

Corp_Cluster NGX R65 Advanced Security "/opt/CPsuite-R65/fw1/conf/Corp_New.pf", line 37201: ERROR: stab identifier <dynobj_uids> for host target_list1 redefined


Any ideas?