Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Nickel

GEO policy don't work

Hello Team, 

I have configured a GEO policy to block traffic to and from Russia, but I still see traffic to and from Russia in my logs after applying the rule. Do I need to configure something else?  This is my first time configuration GEO policy.

My smartconsole is 80.10  & my firewalls are R77.30.

I have seen some post about GEO policy but I 'm a little confuse about that cause some people talk about update the file ipcountry.csv.   but really I don't know what happen in my case.

 

Always thanks for any help. 

 

good day !! 

 

10 Replies
Highlighted

Under Geo Policy go to "Gateways" and make sure the default Geo Policy Profile set for your specific gateway is "Geo_settings_upgraded_from_Default_Protection" and not some other profile.  Because your gateway is R77.30, IPS must be licensed and enabled on your gateway for Geo Policy to work. Requiring IPS for use of Geo Policy is not needed with a R80.10+ gateway.

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
Highlighted
Nickel

Thanks for reply. Yes, we have applied the right profile to the gateways and IPS license is activated to the gateways.  however, we look at the same behavior at the other console R80.20 & gateways R80.10.  Attached images. 

 

 

 

 

  

 

Highlighted

That IP address is properly classified as Russia on my R80.40 lab system according to the steps here: sk94364: How to determine which country an IP address is associated with for Geo Protections and RIPE.net/Maxmind agrees.

So first make sure your IpToCountry.csv file is updated: sk108425: IPS Geo Protection does not perform daily update

Also do you have any IPS Core Protections Exceptions defined?  They also apply to Geo Policy enforcement:

sk164916: Geo Protection does not block countries

 

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
0 Kudos
Highlighted
Nickel

Ok, last date my file IPcountry is 2017. I going to check the IPS exceptions. Thanks for help. Appreciatte it. 

Highlighted

It is not the Threat Prevention Exceptions you need to check, it is the IPS Core Protection Exceptions which are accessed by editing any one of the special 39 IPS "Core" Protections such as Sweep Scan.

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
0 Kudos
Highlighted
Nickel

ok ok I get it now. Thank you. I will be check that.

0 Kudos
Highlighted
Nickel

have you try Geo Updatable object?
0 Kudos
Highlighted

Geo Updatable Objects are not supported in R80.10 or earlier.

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
Highlighted
Nickel

Yes you right. I tried it on other console R80.20 & gtws R80.10 & don't work that.
0 Kudos
Highlighted
Nickel

don't work is this version R77.30. Thanks.