- Products
- Learn
- Local User Groups
- Partners
- More
Are you a member of CheckMates?
×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Hey boys and girls,
Happy Monday 🙂
Figured would share this, though Im sure some of you may already know, but since there were lots of posts about it and even TAC guy told me people constantly ask, here is way to actually do geo VPN remote access blocking.
What you need to do is below.
First, change kernel parameter to 1 on the fw itself as per below sk:
You can leave portal setting per all interfaces or according to policy (custom port can be there for web UI)
Then, you create a rule. In my case, since it hated me to test using NORDvpn service on my home laptop to connect from another country, I simply created a rule for Canada (which is where I live) to block access to fw on port 80 and 443. This stopped me from even creating the vpn site when policy was pushed.
If any questions, let me know, happy to test. Once you disable/delete the rule I pointed out, and apply policy, site creation will work as normal. Just to point out, in case anyone might be wondering, port 443 is key here, as thats what is needed for clients to connect, see below post about it.
Best,
Andy
| User | Count |
|---|---|
| 4 | |
| 3 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Tue 16 Dec 2025 @ 05:00 PM (CET)
Under the Hood: CloudGuard Network Security for Oracle Cloud - Config and Autoscaling!Thu 18 Dec 2025 @ 10:00 AM (CET)
Cloud Architect Series - Building a Hybrid Mesh Security Strategy across cloudsTue 16 Dec 2025 @ 05:00 PM (CET)
Under the Hood: CloudGuard Network Security for Oracle Cloud - Config and Autoscaling!Thu 18 Dec 2025 @ 10:00 AM (CET)
Cloud Architect Series - Building a Hybrid Mesh Security Strategy across clouds