How to block all other country and only accept destination service from specific country

Hi Guys,

I would like to know whether it is possible for us to create a rule that only accepts connections coming from a specific country for specific services.

I believe the first portion can be done using a cleanup rule or a specific drop rule, but the most important part is to only allow access to a specific service from a specific country, e.g. Singapore, as we are not able to list down all Malaysia subnets inside these rules.

Please advise.

1 Solution

Accepted Solutions
Re: How to block all other country and only accept destination service from specific country

If you have an R80.20+ management and gateway, you can do that easily via Updatable Objects. Updatable Objects representing countries can be used like any other object in your rule base. If you have R80.10 or earlier, you could use the Geo Policy/Protection feature to block all traffic from a particular country then create an exception allowing a particular service from that country. A bit roundabout but will work.

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com

4 Replies
Re: How to block all other country and only accept destination service from specific country

Yes, that is the easiest option and it works perfectly fine. 

Re: How to block all other country and only accept destination service from specific country

Hi Timothy,

Thanks for your advice. Yes, it is working. We are using R80.20, so case closed.
Re: How to block all other country and only accept destination service from specific country

Be careful with a "block everything other than my own country" type of policy. The reason is simple. Today many cloud-based services have servers in many countries without you knowing it. Blocking everything else except US, for example, might lead to connectivity problems if a DNS server happens to be in Germany.
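
A dry run of a country-restricted rule base against traffic that works today shows both the intended drops and the side effect described in the last reply. This is an added example, not part of the thread and not Check Point code: the rule names, the country-to-network mapping (documentation ranges) and the log lines are constructed, and the first-match evaluation is a simplified model of a rule base.

```python
import ipaddress

# Constructed stand-in for country objects (documentation ranges, hypothetical).
COUNTRY_NETS = {name: ipaddress.ip_network(cidr) for name, cidr in [
    ("SG", "203.0.113.0/24"), ("DE", "198.51.100.0/24"), ("INTERNAL", "10.0.0.0/8")]}

# Proposed policy, first match wins: (name, src, dst, service, action); "*" = any.
RULES = [
    ("sg-to-portal", "SG", "INTERNAL", "https", "accept"),
    ("internal-lan", "INTERNAL", "INTERNAL", "*", "accept"),
    ("cleanup", "*", "*", "*", "drop"),
]

def country_of(ip):
    """Map an address to a country label, or "OTHER" when no object covers it."""
    addr = ipaddress.ip_address(ip)
    return next((c for c, net in COUNTRY_NETS.items() if addr in net), "OTHER")

def evaluate(src, dst, service):
    """Return (rule name, action) of the first rule matching the connection."""
    src_c, dst_c = country_of(src), country_of(dst)
    for name, r_src, r_dst, r_svc, action in RULES:
        if r_src in ("*", src_c) and r_dst in ("*", dst_c) and r_svc in ("*", service):
            return name, action
    return "implicit", "drop"

def dry_run(log_lines):
    """List (line, rule, direction) for each logged connection that would drop."""
    dropped = []
    for line in log_lines:
        src, dst, service = line.split()
        rule, action = evaluate(src, dst, service)
        if action == "drop":
            direction = "outbound" if country_of(src) == "INTERNAL" else "inbound"
            dropped.append((line, rule, direction))
    return dropped

# Constructed sample of traffic that works today: "src dst service".
SAMPLE_LOG = [
    "203.0.113.10 10.1.1.5 https",   # Singapore client to the published service
    "192.0.2.77 10.1.1.5 https",     # client from any other country
    "203.0.113.10 10.1.1.5 ssh",     # Singapore, but not the allowed service
    "10.1.1.20 198.51.100.53 dns",   # internal host to a resolver hosted in DE
]

if __name__ == "__main__":
    for line, rule, direction in dry_run(SAMPLE_LOG):
        print(f"would drop ({direction}, rule {rule}): {line}")
```

The two inbound drops are the intended effect of the restriction; the outbound drop is a dependency that needs its own accept rule above the cleanup rule before the policy is installed.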