This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Vincent_Bacher
MVP Silver
MVP Silver
‎2026-03-09 09:13 AM
Jump to solution

Geo IP reliable enugh?

Hi mates,

As our executives have requested it, I would like to gather some experience reports regarding the reliability of CP Geo IP data when using updatable objects.

Has anyone experienced complaints about incorrect country assignments for IP addresses? Or have the assignments generally been accurate?

Any experiences or feedback would be greatly appreciated.

 

thanks

Vince

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
4 Solutions

Accepted Solutions
Lesley
MVP Gold
MVP Gold
‎2026-03-09 09:33 AM
Jump to solution

I have couple customers. False positive can happen, if it happens you need to open TAC case. But I don't recall the last time I did that. The IP information comes from a third party. If you need to whitelist you have to do it yourself by making a bypass for the problematic IP. If you want it to be flagged correctly SR is needed. So yes it works, is it 100%, no but all extra tools can help in a better security

Make sure you do not use legacy geo protection. 

-------
Please press "Accept as Solution" if my post solved it 🙂

View solution in original post

the_rock
MVP Diamond
MVP Diamond
‎2026-03-09 09:41 AM
Jump to solution

Hey Vince,

I totally agree with @Lesley here. I also have not had many resports about false positives in the past (maybe 3 or 4), but opening TAC case usually takes care of it quickly.

maxmind.com is very reliable as far as those things.

Best,
Andy
"Have a great day and if its not, change it"

View solution in original post

0 Kudos
Bob_Zimmerman
MVP Gold
MVP Gold
‎2026-03-09 11:21 AM
Jump to solution

Nobody has complained while my company has used updatable objects, so the geolocation is good enough for us. Currently dealing with a Cloudflare address showing up as Russian some of the time and USAian some of the time. Even two different views of exactly the same log entry seem to disagree on where it is. We only noticed it when proactively poking through geolocation drops recently.

I recommend building rules based on geolocations in a separate ordered layer. This makes it easier and safer to add exceptions should they be needed, since your normal firewall rules will still be applied to them.

View solution in original post

0 Kudos
CaseyB
Advisor
‎2026-03-09 01:17 PM
Jump to solution

We have not had any reports with outbound Geo Blocking being incorrect.

Inbound has been reliable in the terms of people going on vacation, reporting they cannot get logged in and the Geo Blocking accurately has picked up their vacation spot, which is blocked on purpose.

We have been using the updatable objects for a little over 3 years, no complaints.

View solution in original post

5 Replies
Lesley
MVP Gold
MVP Gold
‎2026-03-09 09:33 AM
Jump to solution

I have couple customers. False positive can happen, if it happens you need to open TAC case. But I don't recall the last time I did that. The IP information comes from a third party. If you need to whitelist you have to do it yourself by making a bypass for the problematic IP. If you want it to be flagged correctly SR is needed. So yes it works, is it 100%, no but all extra tools can help in a better security

Make sure you do not use legacy geo protection. 

-------
Please press "Accept as Solution" if my post solved it 🙂
the_rock
MVP Diamond
MVP Diamond
‎2026-03-09 09:41 AM
Jump to solution

Hey Vince,

I totally agree with @Lesley here. I also have not had many resports about false positives in the past (maybe 3 or 4), but opening TAC case usually takes care of it quickly.

maxmind.com is very reliable as far as those things.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Bob_Zimmerman
MVP Gold
MVP Gold
‎2026-03-09 11:21 AM
Jump to solution

Nobody has complained while my company has used updatable objects, so the geolocation is good enough for us. Currently dealing with a Cloudflare address showing up as Russian some of the time and USAian some of the time. Even two different views of exactly the same log entry seem to disagree on where it is. We only noticed it when proactively poking through geolocation drops recently.

I recommend building rules based on geolocations in a separate ordered layer. This makes it easier and safer to add exceptions should they be needed, since your normal firewall rules will still be applied to them.

0 Kudos
CaseyB
Advisor
‎2026-03-09 01:17 PM
Jump to solution

We have not had any reports with outbound Geo Blocking being incorrect.

Inbound has been reliable in the terms of people going on vacation, reporting they cannot get logged in and the Geo Blocking accurately has picked up their vacation spot, which is blocked on purpose.

We have been using the updatable objects for a little over 3 years, no complaints.

Vincent_Bacher
MVP Silver
MVP Silver
‎2026-03-09 11:00 PM
Jump to solution

Thanks all for your feedback. No complaints sounds good. We will talk bit more about that and decide.
Again, thanks all, much appreciated.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
(1)

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events