- CheckMates
- :
- Products
- :
- Quantum
- :
- Management
- :
- Re: GEO policy don't work
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
GEO policy don't work
Hello Team,
I have configured a GEO policy to block traffic to and from Russia, but I still see traffic to and from Russia in my logs after applying the rule. Do I need to configure something else? This is my first time configuration GEO policy.
My smartconsole is 80.10 & my firewalls are R77.30.
I have seen some post about GEO policy but I 'm a little confuse about that cause some people talk about update the file ipcountry.csv. but really I don't know what happen in my case.
Always thanks for any help.
good day !!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Under Geo Policy go to "Gateways" and make sure the default Geo Policy Profile set for your specific gateway is "Geo_settings_upgraded_from_Default_Protection" and not some other profile. Because your gateway is R77.30, IPS must be licensed and enabled on your gateway for Geo Policy to work. Requiring IPS for use of Geo Policy is not needed with a R80.10+ gateway.
Exclusively at CPX 2025 Las Vegas Tuesday Feb 25th @ 1:00pm
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for reply. Yes, we have applied the right profile to the gateways and IPS license is activated to the gateways. however, we look at the same behavior at the other console R80.20 & gateways R80.10. Attached images.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That IP address is properly classified as Russia on my R80.40 lab system according to the steps here: sk94364: How to determine which country an IP address is associated with for Geo Protections and RIPE.net/Maxmind agrees.
So first make sure your IpToCountry.csv file is updated: sk108425: IPS Geo Protection does not perform daily update
Also do you have any IPS Core Protections Exceptions defined? They also apply to Geo Policy enforcement:
sk164916: Geo Protection does not block countries
Exclusively at CPX 2025 Las Vegas Tuesday Feb 25th @ 1:00pm
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok, last date my file IPcountry is 2017. I going to check the IPS exceptions. Thanks for help. Appreciatte it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It is not the Threat Prevention Exceptions you need to check, it is the IPS Core Protection Exceptions which are accessed by editing any one of the special 39 IPS "Core" Protections such as Sweep Scan.
Exclusively at CPX 2025 Las Vegas Tuesday Feb 25th @ 1:00pm
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ok ok I get it now. Thank you. I will be check that.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Geo Updatable Objects are not supported in R80.10 or earlier.
Exclusively at CPX 2025 Las Vegas Tuesday Feb 25th @ 1:00pm
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
![](/skins/images/AB448BCC84439713A9D8F01A2EF46C82/responsive_peak/images/icon_anonymous_message.png)