https://community.checkpoint.com/t5/Firewall-and-Security-Management/Best-practice-to-add-Geo-Policy-in-R80-30-VSX/m-p/137117#M55776 <P>We added Geo Policy using default Profile and installed Policy on VS2.</P><P>IPS blade is enabled.</P><P>However Geo Policy is not enforced.</P><P>We started debugging using following SK (sk92823) and noticed Geo process is not running.</P><P>Can you confirm if using&nbsp; Updatable object for Geo Policy in R80.30 only way to make Geo Policy work?&nbsp;</P><P>&nbsp;</P><P>We also tried using updatable object and it dropped traffic.</P><P>We can access user center using VS0 (not from VS2, and VS2 is our FW)</P><P>We can also perform DNS Lookup from VS0</P><P><STRONG>We ran unified_dl UPDATE ONLINE_SERVICES, and it shows completed successfully but&nbsp;<SPAN>&nbsp;</SPAN>last_revision.xml file has a July 2020 timestamp.</STRONG></P><P>&nbsp;</P><P><STRONG>Can you share tips as how to update last_revision.xml successfully?</STRONG></P><P>&nbsp;</P> Thu, 23 Dec 2021 16:54:21 GMT Habib_Rahman_TX 2021-12-23T16:54:21Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Best-practice-to-add-Geo-Policy-in-R80-30-VSX/m-p/137117#M55776 <P>We added Geo Policy using default Profile and installed Policy on VS2.</P><P>IPS blade is enabled.</P><P>However Geo Policy is not enforced.</P><P>We started debugging using following SK (sk92823) and noticed Geo process is not running.</P><P>Can you confirm if using&nbsp; Updatable object for Geo Policy in R80.30 only way to make Geo Policy work?&nbsp;</P><P>&nbsp;</P><P>We also tried using updatable object and it dropped traffic.</P><P>We can access user center using VS0 (not from VS2, and VS2 is our FW)</P><P>We can also perform DNS Lookup from VS0</P><P><STRONG>We ran unified_dl UPDATE ONLINE_SERVICES, and it shows completed successfully but&nbsp;<SPAN>&nbsp;</SPAN>last_revision.xml file has a July 2020 timestamp.</STRONG></P><P>&nbsp;</P><P><STRONG>Can you share tips as how to update last_revision.xml successfully?</STRONG></P><P>&nbsp;</P> Thu, 23 Dec 2021 16:54:21 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Best-practice-to-add-Geo-Policy-in-R80-30-VSX/m-p/137117#M55776 Habib_Rahman_TX 2021-12-23T16:54:21Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Best-practice-to-add-Geo-Policy-in-R80-30-VSX/m-p/137148#M55777 <P>Probably it is best to take it with TAC</P> Fri, 24 Dec 2021 08:45:22 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Best-practice-to-add-Geo-Policy-in-R80-30-VSX/m-p/137148#M55777 _Val_ 2021-12-24T08:45:22Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Best-practice-to-add-Geo-Policy-in-R80-30-VSX/m-p/137170#M55778 <P>I was under impression that geo policy would be the same regardless of platform you are running, but I could be mistaken...I know starting in R80.20, its recommended to use updatable objects in the policy, but if you are saying that process is not even running, then definitely worth considering TAC case.&nbsp;</P> <P>Below is what TAC gave me few months back when customer had issues with geo updates and it did fix it (you do this on mgmt server, just make sure you backup thise directories first, in case or even do backup quickly)</P> <P>Procedure:<BR />1. Change the name of the folder $MDS_FWDIR/conf/SMC_Files/uo to uo_original<BR />2. Run cpstop &amp;&amp; cpstart on the mgmt server<BR />3. Re-open updatable object picker<BR />4. Make sure the $FWDIR/conf/SMC_Files/uo was created again<BR /><BR />These steps, should enforce the management server to re-download the Updatable Object package and should solve the issue.&nbsp;</P> Fri, 24 Dec 2021 16:08:57 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Best-practice-to-add-Geo-Policy-in-R80-30-VSX/m-p/137170#M55778 the_rock 2021-12-24T16:08:57Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Best-practice-to-add-Geo-Policy-in-R80-30-VSX/m-p/137599#M55779 <P>Thank you.&nbsp; I have a case open with TAC.</P> Mon, 03 Jan 2022 16:25:26 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Best-practice-to-add-Geo-Policy-in-R80-30-VSX/m-p/137599#M55779 Habib_Rahman_TX 2022-01-03T16:25:26Z