This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Evan_Gillette
Explorer
‎2021-06-30 12:54 PM

Updatable Objects - GEO: See all Countries

I'd like to move to Updatable Objects for providing Geo Protection and away from the previous Geo Policy.

Is it possible to build a policy that allows me to create rules where I can see the origin country in each log without the need to put the allowed countries in each rule and the blocked countries in the cleanup?

0 Kudos
5 Replies
PhoneBoy
Admin
Admin
‎2021-06-30 05:31 PM

I don't believe this is strictly required because I am seeing Geos in my logs and I can assure you I have no such rules in my policy.
The rules in question ARE actually using Updatable Objects, just not ones related to geography.
Possible you may need to update the database on your management (different from gateways) that shows the geographies by something like: https://community.checkpoint.com/t5/API-CLI-Discussion/One-liner-to-update-IpToCountry-data-on-Secur...

0 Kudos
Evan_Gillette
Explorer
‎2021-07-02 09:59 AM
In response to PhoneBoy

Do you see the flag and country when you open up the log too? I see the flag when looking at all the logs in Logs & Monitor view. However, if I open a log to get the details, the icon is the generic globe and there is no country listed.

0 Kudos
PhoneBoy
Admin
Admin
‎2021-07-02 05:24 PM
In response to Evan_Gillette

I don't see the country in the log card.
However, when I search on the country in SmartView, entries from that country show up.

0 Kudos
Evan_Gillette
Explorer
‎2021-07-06 08:45 AM
In response to PhoneBoy

Thanks for checking. It will show if you use the country object in the rule but there doesn't seem to be a way to get it to work otherwise. Additionally, if I use the continent object or even "Geo Locations" in the rule, the log will show the continent or "Geo Locations" in the log card. I see in another post that Dorit says these country objects will be able to be grouped in R81.10 so it seems like that's the best scenario for me.

0 Kudos
PhoneBoy
Admin
Admin
‎2021-07-06 04:07 PM
In response to Evan_Gillette

Guessing the categorization is done on the gateway side, which it won't do unless it has to (i.e. is part of the rule).
Which case, I suspect that's an RFE.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events