- Products
- Learn
- Local User Groups
- Partners
- More
What's New in R82.10?
Watch HereWhen the Agents Attack
A Live Look at Agentic Exposure Validation
AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
CheckMates Go:
CheckMates Fest
This is my first time working with geo policies, now I'm trying to implement a geo policy that blocks traffic from Russia, I have a 5000 appliance R80.10.
Do I just have to configured it like this?
Thank you for your help.
Yes, but normally if you are blocking a country you want to block "from and to" to drop both connections initiated from that country, and any "phone home" attempts to that country initiated by malware already inside your network. Also ensure that "Default Geo Policy" is applied to your firewall on the Gateways screen.
As Phoneboy says though use of Geo Updatable Objects in the mainline Access Control policy in R80.20+ is much more flexible and easy to work with.
Yes, but normally if you are blocking a country you want to block "from and to" to drop both connections initiated from that country, and any "phone home" attempts to that country initiated by malware already inside your network. Also ensure that "Default Geo Policy" is applied to your firewall on the Gateways screen.
As Phoneboy says though use of Geo Updatable Objects in the mainline Access Control policy in R80.20+ is much more flexible and easy to work with.
Thank you all of you.
As of now I'm not able to upgrade to 80.20, so I'll be working with 80.10, as you said I'm going to configure it to block "from and to Country". I verified and Default Geo policiy is in the gateways screen.
I would like to add an additional question to this. We currently utilize updatable objects to block specific countries that love to send their packets to us. We are on R80.40. Looks like we have a customer in one of these blocked countries.
To create an exception, can I just add an ALLOW rule containing their network/IP above my country blocking rule? I don't know if there is additional logic or checks when implementing country blocking in the security rule set. I am not using a specific Geo policy on my gateway, just a block rule with updatable country objs at the top of my rule list.
Thank you!
JJ
Correct, if you are using Geo Updatable objects in a policy rule to block a certain country just add an Accept rule above that one to implement the exception. You may want to double-check that you are not also blocking that country in the legacy Geo Policy configuration, because if you are that block will be applied long before the rulebase gets evaluated.
As said above from R80.20 you can use updatable objects anywere in the rulebase.
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count |
|---|---|
| 66 | |
| 19 | |
| 8 | |
| 6 | |
| 6 | |
| 4 | |
| 4 | |
| 4 | |
| 3 | |
| 2 |
Thu 02 Jul 2026 @ 06:00 PM (CST)
Revolucionando la Seguridad con IA Generativa: Prevención Inteligente en Tiempo RealThu 09 Jul 2026 @ 10:00 AM (CEST)
Schutz souveräner Workloads: Check Point & die AWS European Sovereign CloudThu 09 Jul 2026 @ 11:00 AM (CEST)
The Cloud Architects Series: Check Point Edge Protection SD-WAN & SASETue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeThu 02 Jul 2026 @ 06:00 PM (CST)
Revolucionando la Seguridad con IA Generativa: Prevención Inteligente en Tiempo RealAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY