This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Arun_Malipatil1
Participant
‎2018-10-21 01:04 AM

Geo-Protection for specific internal server IP addresses

Hi Team,


Can we create Geoprotection rules to allow traffic only from specific country to my internal server? For example, I have a few web servers hosted behind CHKP FW, these servers should not be accessed from any other country apart from India. Pls note that the requirement is for only a few internal servers and for other traffic Geo-protection should not block other countries traffic.

Regards

Arun M

Labels
3 Replies
HeikoAnkenbrand
Champion Champion
Champion
‎2018-10-21 10:25 AM

Hi Arun,

You can use GEO objekts with R80.20 in policy and you can do GEO rules in the regular Access Policy.

Currently no regional settings can be used in the access policy with R80.10 and lower. This only works in the „GEO policy“ and has the disadvantage that no special settings are possible. For example, no services like http can be specified.

 

This solution helps and creates dynamic objects with the IP ranges of the individual countries.

With R80.10 and lower you can use my script to do that:

GEO Location Objects in Firewall Policy (with Dynamic Objects) 

Regards

Heiko

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
Vivek_Kojoziky
Participant
‎2018-10-22 12:48 AM
In response to HeikoAnkenbrand

This script works fine.

HeikoAnkenbrand
Champion Champion
Champion
‎2018-10-22 01:46 AM
In response to Vivek_Kojoziky

See SK:

Geo Location objects as network objects in R80.20 

Regards

Heiko

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events