Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
derRichter
Explorer
Jump to solution

Allow "Other" Countrys in Geo-Blocking Policy

Hi Community,

we have acitvated the Geo-Policy and allow many Countrys, and the Default-Rule for other Countrys is "Drop".

We have understand the "Policy for other countries" is for all Coutrys that we not definied in the "Policy for specific"-List.

But sometimes looks like the Checkpoint can not detect the right country and then this is a "other"-Country?
We have often in the Log a Country-Symbol like USA (its allowed per rule) and in the Details says as Country "other"? Is this a detection-Problem?

Now, we want allow all of these "detection problems"?

Or we have to block all other countrys on the list "Policy for specific" and then we can use "Policy for other countries" for allow all wrong detected Countrys? Think not, because in "Policy for other countries" is only possible to "Drop" or "Allow" and this is not usable if we can not make a rule for only FROM or TO country.

 

 

checkpoint-geo-other.JPG

 

Greats

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

It may not be a detection issue so much as the information on the management server isn't up to date with what IP is in what country.
You can update it with a one-liner: https://community.checkpoint.com/t5/API-CLI-Discussion/One-liner-to-update-IpToCountry-data-on-Secur... 

In general, you should move to doing this in the Access Policy, which is supported in R80.20 and later.
See: https://support.checkpoint.com/results/sk/sk126172 

 

View solution in original post

(1)
1 Reply
PhoneBoy
Admin
Admin

It may not be a detection issue so much as the information on the management server isn't up to date with what IP is in what country.
You can update it with a one-liner: https://community.checkpoint.com/t5/API-CLI-Discussion/One-liner-to-update-IpToCountry-data-on-Secur... 

In general, you should move to doing this in the Access Policy, which is supported in R80.20 and later.
See: https://support.checkpoint.com/results/sk/sk126172 

 

(1)

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events