This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
origins26
Explorer
‎2020-06-30 09:27 AM
Jump to solution

Configuring geo policies

This is my first time working with geo policies, now I'm trying to implement a geo policy that blocks traffic from Russia, I have a 5000 appliance  R80.10. 

Do I just have to configured it like this?

 
 
 
 

geo policy.pnggeopolicy.png

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Thank you for your help.

0 Kudos
1 Solution

Accepted Solutions
Timothy_Hall
MVP Gold
MVP Gold
‎2020-07-05 07:12 AM
Jump to solution

Yes, but normally if you are blocking a country you want to block "from and to" to drop both connections initiated from that country, and any "phone home" attempts to that country initiated by malware already inside your network.  Also ensure that "Default Geo Policy" is applied to your firewall on the Gateways screen.

As Phoneboy says though use of Geo Updatable Objects in the mainline Access Control policy in R80.20+ is much more flexible and easy to work with.

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course

View solution in original post

6 Replies
PhoneBoy
Admin
Admin
‎2020-07-04 01:47 PM
Jump to solution

Should be able to.
However it might be better to upgrade to R80.20 or later and use the Updatable Objects for Russia in the access policy, which is far more flexible.
Timothy_Hall
MVP Gold
MVP Gold
‎2020-07-05 07:12 AM
Jump to solution

Yes, but normally if you are blocking a country you want to block "from and to" to drop both connections initiated from that country, and any "phone home" attempts to that country initiated by malware already inside your network.  Also ensure that "Default Geo Policy" is applied to your firewall on the Gateways screen.

As Phoneboy says though use of Geo Updatable Objects in the mainline Access Control policy in R80.20+ is much more flexible and easy to work with.

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
origins26
Explorer
‎2020-07-06 09:21 AM
In response to Timothy_Hall
Jump to solution

Thank you all of you.

As of now I'm not able to upgrade to 80.20, so I'll be working with 80.10, as you said I'm going to configure it to block "from and to Country". I verified and Default Geo policiy is in the gateways screen. 

 

default.png

 

 

0 Kudos
JT_Ohio
Participant
‎2021-07-14 02:09 PM
In response to origins26
Jump to solution

I would like to add an additional question to this.  We currently utilize updatable objects to block specific countries that love to send their packets to us. We are on R80.40.  Looks like we have a customer in one of these blocked countries. 

To create an exception, can I just add an ALLOW rule containing their network/IP above my country blocking rule?  I don't know if there is additional logic or checks when implementing country blocking in the security rule set.  I am not using a specific Geo policy on my gateway, just a block rule with updatable country objs at the top of my rule list.

Thank you!

JJ

0 Kudos
Timothy_Hall
MVP Gold
MVP Gold
‎2021-07-15 05:04 AM
In response to JT_Ohio
Jump to solution

Correct, if you are using Geo Updatable objects in a policy rule to block a certain country just add an Accept rule above that one to implement the exception.  You may want to double-check that you are not also blocking that country in the legacy Geo Policy configuration, because if you are that block will be applied long before the rulebase gets evaluated.

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
0 Kudos
Magnus-Holmberg
MVP Silver
MVP Silver
‎2020-07-05 03:44 PM
Jump to solution

 

As said above from R80.20 you can use updatable objects anywere in the rulebase.

step1.png

step2.png

step3.png

  

step4.png

 

https://www.youtube.com/c/MagnusHolmberg-NetSec

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events