Create a Post
Showing results for 
Search instead for 
Did you mean: 

Geo-Protection for specific internal server IP addresses

Hi Team,

Can we create Geoprotection rules to allow traffic only from specific country to my internal server? For example, I have a few web servers hosted behind CHKP FW, these servers should not be accessed from any other country apart from India. Pls note that the requirement is for only a few internal servers and for other traffic Geo-protection should not block other countries traffic.


Arun M

3 Replies

Hi Arun,

You can use GEO objekts with R80.20 in policy and you can do GEO rules in the regular Access Policy.

Currently no regional settings can be used in the access policy with R80.10 and lower. This only works in the „GEO policy“ and has the disadvantage that no special settings are possible. For example, no services like http can be specified.


This solution helps and creates dynamic objects with the IP ranges of the individual countries.

With R80.10 and lower you can use my script to do that:

GEO Location Objects in Firewall Policy (with Dynamic Objects) 




This script works fine.