cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Geo-Protection for specific internal server IP addresses

Hi Team,


Can we create Geoprotection rules to allow traffic only from specific country to my internal server? For example, I have a few web servers hosted behind CHKP FW, these servers should not be accessed from any other country apart from India. Pls note that the requirement is for only a few internal servers and for other traffic Geo-protection should not block other countries traffic.

Regards

Arun M

Labels (2)
3 Replies

Re: Geo-Protection for specific internal server IP addresses

Hi Arun,

You can use GEO objekts with R80.20 in policy and you can do GEO rules in the regular Access Policy.

Currently no regional settings can be used in the access policy with R80.10 and lower. This only works in the „GEO policy“ and has the disadvantage that no special settings are possible. For example, no services like http can be specified.

 

This solution helps and creates dynamic objects with the IP ranges of the individual countries.

With R80.10 and lower you can use my script to do that:

GEO Location Objects in Firewall Policy (with Dynamic Objects) 

Regards

Heiko

Re: Geo-Protection for specific internal server IP addresses

This script works fine.

Re: Geo-Protection for specific internal server IP addresses