topic Re: Limit access to a single external address over a certain port to only allow USA address to conne in Firewall and Security Management https://community.checkpoint.com/t5/Firewall-and-Security-Management/Limit-access-to-a-single-external-address-over-a-certain-port-to/m-p/133657#M19902 <P>You can use an updatable object to select United States as source of your rule then block the rest.</P><P>Something like Source: United States - Destination: your VPN public IP - Service: VPN Service - Action: Accept - Log</P><P>followed by Source: Any - Destination: Your VPN public IP - Service: Any - Action: Drop - Log<span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="geoloc.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/14231i77ECDADC4A3E2261/image-size/large?v=v2&amp;px=999" role="button" title="geoloc.png" alt="geoloc.png" /></span></P><P>&nbsp;</P> Tue, 09 Nov 2021 21:10:22 GMT Alex- 2021-11-09T21:10:22Z Limit access to a single external address over a certain port to only allow USA address to connect https://community.checkpoint.com/t5/Firewall-and-Security-Management/Limit-access-to-a-single-external-address-over-a-certain-port-to/m-p/133650#M19899 <P>Hello,</P><P>We're new in the CheckPoint world and had a question about limiting access.</P><P>We use a client based VPN that uses a TCP High Port to allow external connections to come in. We have cert based deployment to allow/deny connections, but we are looking to take that one step further and block all connections from outside of the USA to the external address and port that our client-based VPN uses.</P><P>Is there a way to do this in checkpoint - we're running a HA Pair of 6400 currently in our environment.</P> Tue, 09 Nov 2021 18:35:25 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Limit-access-to-a-single-external-address-over-a-certain-port-to/m-p/133650#M19899 stevek1835 2021-11-09T18:35:25Z Re: Limit access to a single external address over a certain port to only allow USA address to conne https://community.checkpoint.com/t5/Firewall-and-Security-Management/Limit-access-to-a-single-external-address-over-a-certain-port-to/m-p/133657#M19902 <P>You can use an updatable object to select United States as source of your rule then block the rest.</P><P>Something like Source: United States - Destination: your VPN public IP - Service: VPN Service - Action: Accept - Log</P><P>followed by Source: Any - Destination: Your VPN public IP - Service: Any - Action: Drop - Log<span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="geoloc.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/14231i77ECDADC4A3E2261/image-size/large?v=v2&amp;px=999" role="button" title="geoloc.png" alt="geoloc.png" /></span></P><P>&nbsp;</P> Tue, 09 Nov 2021 21:10:22 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Limit-access-to-a-single-external-address-over-a-certain-port-to/m-p/133657#M19902 Alex- 2021-11-09T21:10:22Z Re: Limit access to a single external address over a certain port to only allow USA address to conne https://community.checkpoint.com/t5/Firewall-and-Security-Management/Limit-access-to-a-single-external-address-over-a-certain-port-to/m-p/133659#M19903 <P>Desktop Security Policy does not support updatable objects.</P> Tue, 09 Nov 2021 21:36:39 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Limit-access-to-a-single-external-address-over-a-certain-port-to/m-p/133659#M19903 Danny 2021-11-09T21:36:39Z