Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Arun_Malipatil1
Participant

Geo-Protection for specific internal server IP addresses

Hi Team,


Can we create Geoprotection rules to allow traffic only from specific country to my internal server? For example, I have a few web servers hosted behind CHKP FW, these servers should not be accessed from any other country apart from India. Pls note that the requirement is for only a few internal servers and for other traffic Geo-protection should not block other countries traffic.

Regards

Arun M

3 Replies
HeikoAnkenbrand
Champion Champion
Champion

Hi Arun,

You can use GEO objekts with R80.20 in policy and you can do GEO rules in the regular Access Policy.

Currently no regional settings can be used in the access policy with R80.10 and lower. This only works in the „GEO policy“ and has the disadvantage that no special settings are possible. For example, no services like http can be specified.

 

This solution helps and creates dynamic objects with the IP ranges of the individual countries.

With R80.10 and lower you can use my script to do that:

GEO Location Objects in Firewall Policy (with Dynamic Objects) 

Regards

Heiko

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
Vivek_Kojoziky
Participant

This script works fine.

HeikoAnkenbrand
Champion Champion
Champion

See SK:

Geo Location objects as network objects in R80.20 

Regards

Heiko

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events