- Products
- Learn
- Local User Groups
- Partners
- More
On-Premise SD-WAN Management
Register HereWhat's New in R82.10?
Watch Here AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
CheckMates Go:
The Moment Before
I have a requirement to allow traffic to a URL from only specific regions such as India,US and Russia.. rest all regions need to be blocked.
In the Geo Policy i can only see Country,Action,Direction which can be blocked.,there are no fields for destination/port... how can i selectively allow traffic from certain regions to the URL ?
I am aware about the updatable objects in R80.40 and going to upgrade to it soon..but in the meantime i need to do this in R80.10.
Because Updatable Geo Objects are not available in your R80.10 release, the only officially-supported way to do this is to block an entire country with Geo Policy, then specify exceptions utilizing IP addresses and port numbers to whatever server is hosting the URL; you can't specify URLs in Geo Policy exceptions. That is the best you can do "officially" unless you want to create & maintain static group objects matching all IP networks from the desired countries and match them in your policy, which is less than desirable to say the least.
If you still want to do this under R80.10, check out this workaround written by @HeikoAnkenbrand :
Because Updatable Geo Objects are not available in your R80.10 release, the only officially-supported way to do this is to block an entire country with Geo Policy, then specify exceptions utilizing IP addresses and port numbers to whatever server is hosting the URL; you can't specify URLs in Geo Policy exceptions. That is the best you can do "officially" unless you want to create & maintain static group objects matching all IP networks from the desired countries and match them in your policy, which is less than desirable to say the least.
If you still want to do this under R80.10, check out this workaround written by @HeikoAnkenbrand :
One Query here.. after i have enabled the geo policy ..where can i see logs for it ? is it in normal logging window ?
Assuming Track is set to Log on your Geo Policy, yes and the logs will be associated with the Firewall blade. On an R77.30 or earlier gateway Geo Protection events were logged under the IPS blade.
Ok..i have set it to logging but observing a strange behaviour..
ihave a rule "Any" to Webserver allowed in ACL
I set up a geo policy to block from and to Source 'China'.
However, 1 hour later ..i observed an "ACCEPT" log from Src China via the configured ACL rule.. as per my understanding geo policy should take precedence and block this it should never go to ACL.. i have IPS , Antibot, Antivirus Blades enabled on the FW
Are you sure that the rule matching China in your Geo Policy is set to drop AND that the China rule is part of the Geo Policy profile that is actually applied to the gateway in question?
If so double-check that the source IP address is actually in China according to https://www.maxmind.com/en/geoip-demo and doing a whois lookup at www.apnic.net.
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count |
|---|---|
| 12 | |
| 6 | |
| 5 | |
| 4 | |
| 4 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 |
Thu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY