Hi,
I'm trying to do some queries on the traffic outbound to other countries. I can't seem to do a query string that would show traffic by country. Actually, what I'm trying to do is look at the traffic that's NOT in the US. We're looking at enhancing our GeoProtect policy, but I'm not able to figure out how to do so.
One thing I've done is turned on Debug for SmartLog, and I can see all the fields in the XML format, and the dst_country is always coming up as "other". Is this an issue, or is this something that can be fixed so this field can be used in searches? Or is there a better way to search for traffic going to other countries and omit the ones I don't want to see?
Jonathan
We don’t log the actual country, if I recall.
What you see in SmartView is generated from a local IP to Country mapping.
Your best bet is to create an ordered layer that will generate a log if not in the US (or whatever countries you wish to exclude).
It should be after all your other layers.
You can then see what log entries match that rule.
So then would I need to know the IP range for the US and omit that in the destination? Or rather put that and do a negate cell to omit it?
You can search the logs based on country like in the screenshots: