Currently no regional settings can be used in the Firewall Policy. This only works in the „Geo Policy“ and has the disadvantage that no special settings are possible.
For example, no services like http can be specified.
This solution helps and creates Dynamic Objects with the IP ranges of the individual countries.
In the first step, a Dynamic Object is created on the gateway that contains all IP addresses of the appropriate country. To do this, the script is executed on the gateway.
When the script is started for the first time, the country file is transferred from the management server to the gateway via scp.
All you have to do is enter the IP address, user name and password of the management server.
The current country list is displayed. Now only the appropriate country must be selected.
For example "WLF".
Afterwards a Dynamic Object is created on the gateway with the following name: „GEO_<country code>“.
For example "GEO_WLF".
Now create a Dynamic Object with the same name in the management under
„New > More > Network Objects > Dynamic Objects > Dynamic Object“.
For example "GEO_WLF"
Now create a Firewall Policy with the Dynamic Object.
Install Policy
Important!
1) On a cluster the script must be executed on both gateways.
2) This is not a supported Check Point solution!
Script Version:
- 0.7a final version
- 0.7b bug fix (02.08.2018)
Regards,
Heiko
➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
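
How the gateway-side step can fill a `GEO_<country code>` Dynamic Object from a list of ranges, as an added example that is not the script from the post. The three-column CSV layout and the sample ranges are constructed assumptions; `dynamic_objects -n` and `-o ... -r ... -a` are the standard gateway CLI options for creating an object and adding a range.

```shell
#!/bin/sh
# Added example, not the script from the post. Dry run: prints the
# dynamic_objects commands for one country instead of executing them.
# Assumed CSV layout (constructed): "from_ip","to_ip","country_code"
SAMPLE_CSV='"192.0.2.0","192.0.2.255","WLF"
"198.51.100.0","198.51.100.255","XXX"
"203.0.113.0","203.0.113.999","WLF"
"203.0.113.0","203.0.113.255","WLF"'

geo_commands() {
  cc="$1"; csv="$2"
  # The code becomes part of a command line, so accept only 2-3 capitals.
  case "$cc" in
    [A-Z][A-Z]|[A-Z][A-Z][A-Z]) ;;
    *) echo "invalid country code" >&2; return 2 ;;
  esac
  printf '%s\n' "$csv" | awk -F, -v cc="$cc" '
    # Strict dotted-quad check: a damaged or tampered file must not be
    # able to put anything but addresses into the generated commands.
    function ok(ip,   p, n, i) {
      n = split(ip, p, ".")
      if (n != 4) return 0
      for (i = 1; i <= 4; i++)
        if (p[i] !~ /^[0-9]+$/ || length(p[i]) > 3 || p[i] + 0 > 255)
          return 0
      return 1
    }
    { gsub(/"/, "") }                 # drop CSV quoting, fields re-split
    $3 != cc { next }
    !ok($1) || !ok($2) {
      print "skipping malformed range: " $0 > "/dev/stderr"; next
    }
    { cmd[++cnt] = "dynamic_objects -o GEO_" cc " -r " $1 " " $2 " -a" }
    END {
      if (cnt == 0) exit 1            # unknown country: create nothing
      print "dynamic_objects -n GEO_" cc
      for (i = 1; i <= cnt; i++) print cmd[i]
    }'
}

# Prints one "-n" line followed by one "-r ... -a" line per valid range.
geo_commands WLF "$SAMPLE_CSV"
```

Once the printed commands have been reviewed and run on the gateway, `dynamic_objects -l` lists the object together with its ranges.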