Hi,
We have Geo policy as below:
The problem is that we still see logs with "Accept" from these countries! For example, from China:
What I know is that if the Geo policy is set to drop, not a single packet (from the countries included) will go through the firewall, or am I missing something?
I tried to use a rule with an updateable object as:
As you can see, this rule is not getting any hits, even though there are many rules that accepted traffic from China over this one, like rules 25 and 35.
Should these two (Geo policy & a rule with Updateable objects) be used together, or should only one be used?
As you can see in the rule, I have included Indonesia only to test if I will get some hits from a country that is not included in the Geo policy, but I got nothing.
Sometimes some IP addresses are not correctly classified; you have to investigate with TAC. But the most common error is an outdated geo location database on the SMS. Use Danny's script "One-liner to update IpToCountry data on Security Managements" to update the database.
Geo Protection logs show the wrong country flag
Updatable Objects were introduced in R80.20 to replace Geo Policy. Geo Policy was removed (or hidden) starting R81. Therefore it is advised to use Updatable Objects.
https://support.checkpoint.com/results/sk/sk131852
Also please refer to sk120261 Geo Protection logs show the wrong country flag:
I have version 81.10
I have now removed the countries from the Geo policy and added these countries to a rule with updateable objects.
It now shows drops from my rule.
The question now is: Should I create a new rule with updateable objects for every section? Because the rule I created would drop traffic headed only to one section but not other sections.
It depends on how you've structured your rulebase and what your precise objectives are.
But, yes, you may need to add these objects in other rules in other places.
For awareness. R81.10 JHF T110:
| PRJ-44952, | IPS | UPDATE: Mapping of IPs to country/flag in the Logs & Monitor view > Logs is now automatically updated every day. |
The way I do this for every customer is like this, regardless of whether you have inline layers or multiple ordered layers; it makes no difference. I create a geo block as the very FIRST rule in the network policy and block whatever needs to be blocked, using updatable objects.
Andy
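An added example, not part of the thread and not Check Point code: a simplified first-match model of a rulebase that lists which flows from blocked countries are still accepted when the geo drop rule lives in only one section, compared with a geo drop placed as the very first rule. The rule layout, rule names and network names (`DMZ_Web`, `Mail`, `Internal_Servers`) are constructed for illustration.

```python
from dataclasses import dataclass

ANY = "Any"

@dataclass(frozen=True)
class Rule:
    number: int
    name: str
    sources: frozenset       # country names, or ANY
    destinations: frozenset  # network names, or ANY
    action: str              # "Accept" or "Drop"

def rule(number, name, sources, destinations, action):
    return Rule(number, name, frozenset(sources), frozenset(destinations), action)

def first_match(rulebase, country, destination):
    """Return the first rule matching the flow, as in an ordered layer."""
    for r in rulebase:
        if (ANY in r.sources or country in r.sources) and \
           (ANY in r.destinations or destination in r.destinations):
            return r
    return None

def geo_gaps(rulebase, blocked, destinations):
    """List (country, destination, rule number) for blocked-country flows that are accepted."""
    gaps = []
    for country in sorted(blocked):
        for dest in destinations:
            r = first_match(rulebase, country, dest)
            if r is not None and r.action == "Accept":
                gaps.append((country, dest, r.number))
    return gaps

BLOCKED = {"China"}                                  # constructed sample
DESTS = ["DMZ_Web", "Mail", "Internal_Servers"]      # constructed network names

# Constructed rulebase: the geo drop rule sits inside one section only.
SECTIONED = [
    rule(25, "Web access", [ANY], ["DMZ_Web"], "Accept"),
    rule(35, "Inbound mail", [ANY], ["Mail"], "Accept"),
    rule(40, "Geo drop (one section)", BLOCKED | {"Indonesia"}, ["Internal_Servers"], "Drop"),
    rule(41, "Internal services", [ANY], ["Internal_Servers"], "Accept"),
    rule(99, "Cleanup", [ANY], [ANY], "Drop"),
]

# Same rulebase with a geo drop as the very first rule, destination Any.
TOP_RULE = [rule(1, "Geo block", BLOCKED, [ANY], "Drop")] + SECTIONED

if __name__ == "__main__":
    print("sectioned gaps:", geo_gaps(SECTIONED, BLOCKED, DESTS))
    print("top-rule gaps: ", geo_gaps(TOP_RULE, BLOCKED, DESTS))
```
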