Evan_Gillette
Explorer

Updatable Objects - GEO: See all Countries

I'd like to move to Updatable Objects for providing Geo Protection and away from the previous Geo Policy.

Is it possible to build a policy that allows me to create rules where I can see the origin country in each log without the need to put the allowed countries in each rule and the blocked countries in the cleanup?

5 Replies
PhoneBoy
Admin

I don't believe this is strictly required because I am seeing Geos in my logs and I can assure you I have no such rules in my policy.
The rules in question ARE actually using Updatable Objects, just not ones related to geography.
It's possible you may need to update the database on your management (different from gateways) that shows the geographies with something like: https://community.checkpoint.com/t5/API-CLI-Discussion/One-liner-to-update-IpToCountry-data-on-Secur...

Evan_Gillette
Explorer

Do you see the flag and country when you open up the log too? I see the flag when looking at all the logs in Logs & Monitor view. However, if I open a log to get the details, the icon is the generic globe and there is no country listed.

PhoneBoy
Admin

I don't see the country in the log card.
However, when I search on the country in SmartView, entries from that country show up.

Evan_Gillette
Explorer

Thanks for checking. It will show if you use the country object in the rule but there doesn't seem to be a way to get it to work otherwise. Additionally, if I use the continent object or even "Geo Locations" in the rule, the log will show the continent or "Geo Locations" in the log card. I see in another post that Dorit says these country objects will be able to be grouped in R81.10 so it seems like that's the best scenario for me.

PhoneBoy
Admin

Guessing the categorization is done on the gateway side, which it won't do unless it has to (i.e. is part of the rule).
In which case, I suspect that's an RFE.
