Ned_Stark
Contributor

GEO policy doesn't work

Hello Team, 

I have configured a GEO policy to block traffic to and from Russia, but I still see traffic to and from Russia in my logs after applying the rule. Do I need to configure something else? This is my first time configuring a GEO policy.

My SmartConsole is 80.10 & my firewalls are R77.30.

I have seen some posts about GEO policy, but I'm a little confused about that because some people talk about updating the file ipcountry.csv, but really I don't know what is happening in my case.

 

Always thanks for any help. 

 

good day !! 

 

10 Replies
Timothy_Hall
Legend

Under Geo Policy go to "Gateways" and make sure the default Geo Policy Profile set for your specific gateway is "Geo_settings_upgraded_from_Default_Protection" and not some other profile. Because your gateway is R77.30, IPS must be licensed and enabled on your gateway for Geo Policy to work. Requiring IPS for use of Geo Policy is not needed with an R80.10+ gateway.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
Ned_Stark
Contributor

Thanks for the reply. Yes, we have applied the right profile to the gateways and the IPS license is activated on the gateways. However, we see the same behavior on the other console R80.20 & gateways R80.10. Attached images.

Timothy_Hall
Legend

That IP address is properly classified as Russia on my R80.40 lab system according to the steps here: sk94364: How to determine which country an IP address is associated with for Geo Protections and RIPE.net/Maxmind agrees.

So first make sure your IpToCountry.csv file is updated: sk108425: IPS Geo Protection does not perform daily update

Also do you have any IPS Core Protections Exceptions defined?  They also apply to Geo Policy enforcement:

sk164916: Geo Protection does not block countries

 

0 Kudos
Ned_Stark
Contributor

OK, the last date of my IPcountry file is 2017. I am going to check the IPS exceptions. Thanks for the help. Appreciate it.

Timothy_Hall
Legend

It is not the Threat Prevention Exceptions you need to check, it is the IPS Core Protection Exceptions which are accessed by editing any one of the special 39 IPS "Core" Protections such as Sweep Scan.

0 Kudos
Ned_Stark
Contributor

OK, OK, I get it now. Thank you. I will check that.

0 Kudos
Cyber_Serge
Collaborator

Have you tried the Geo Updatable object?
0 Kudos
Timothy_Hall
Legend

Geo Updatable Objects are not supported in R80.10 or earlier.

Ned_Stark
Contributor

Yes, you're right. I tried it on the other console R80.20 & gateways R80.10 & that doesn't work.
0 Kudos
Ned_Stark
Contributor

It doesn't work in this version R77.30. Thanks.
