Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

geo-protection commands

Hello,

I'm having a lot of difficulty finding commands in relation to geo-protection (on newer and older versions).

Can somebody please share any links or documentation?

Thanks.

0 Kudos
7 Replies
Highlighted

More read here:

R80.30 CLI Reference Guide

Tags (1)
0 Kudos
Highlighted

Thanks but I'm afraid there doesn't seem to be anything related either; even when I search for geo protection inside that guide nothing comes up.

Frankly, it's one of the very few features I have only seen on SmartConsole and not CLI hence my question.

0 Kudos
Highlighted
Pearl

Highlighted

That's better but I'm still looking for a more comprehensive list of commands with regards to geo-protection.

I see you have written a couple of relevant scripts in this thread @HeikoAnkenbrand :

https://community.checkpoint.com/t5/IPS-Anti-Virus-Anti-Bot-Anti/Geo-policy/m-p/57560/highlight/true...

May I ask where you got the geo-protection commands from? Specifically, I'm looking for configuration commands that enable you to turn on geo-protection on the command line.

Thanks in advance. 

0 Kudos
Highlighted

As far as CLI Access to Geo Policy, I don't think this configuration can be accessed through the Management API on the SMS to my knowledge.  You can see a thread I started about Management API vs. SmartConsole limitations here: https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Functionality-API-vs-SmartConsole...

On the gateway I'm always on the lookout for ways to turn features off and on "on the fly" for troubleshooting and performance optimization.  Beyond just looking in the local.set file of the compiled policy, there does not seem to be any way to enable/disable or modify Geo Policy out on the gateway itself that I can see.  I suppose one could modify the Geo Policy configuration in the local.set file itself and then do a fetchlocal on the gateway to directly load the changes up into the kernel, but this would most definitely not be supported and could cause very bad things to happen if you make a mistake.

 

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
Highlighted

Thanks Tim. It's a real shame but it is what it is I guess.

0 Kudos
Highlighted
Admin
Admin

On R80.20+, you should be doing Geo-Protection using Updatable Objects in the regular Access Policy as it allows far more flexibility.
0 Kudos