This limitation was discussed recently (Restrict VPN access by GEO location), and will probably need to be an RFE. You can also try checking with the Solutions Center via your Check Point SE, they may have some custom code that can block/allow Remote Access VPN by country.
However after poking around there may be a way to do this: (Edit: After further thought I don't think this will work as the allowed sources and destinations restriction is probably applied against the inner packet IP addresses (i.e. the assigned office mode address) and not the outer IPSec packet IP address that is part of the geographic country in question)
1) Prior to the introduction of Updatable Geo Objects in R80.20, @HeikoAnkenbrand created Dynamic Objects that represented certain countries and could be selected in a Security Policy as you can see here: https://community.checkpoint.com/t5/API-CLI-Discussion/GEO-Location-Objects-in-Firewall-Policy-with-...
2) If these Geo Dynamic objects are present in your configuration, it looks like they can then be selected as an "Allowed Source" in the individual User Record (Geo Updatable objects introduced in R80.20 cannot be selected here though):
3) So what you could do here is import the Geo Dynamic Objects in Step 1, and then select the Geo Dynamic Object(s) for the countries you want to permit as Allowed Sources, all other sources will be denied (an allow list). There is not a way to to a deny list of countries and allow all others for this user that I can see.
I haven't tested this but it looks like it should work, however the use of allowed sources and destinations in the User attributes instead of your policy layers has been controversial in the past, as it can be a bit confusing when the policy layers explicitly allow something but it gets denied anyway by a setting in the User attributes.
| User | Count |
|---|---|
| 9 | |
| 5 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 |
Tue 12 Nov 2024 @ 03:00 PM (AEDT)
No Suits, No Ties: From Calm to Chaos: the sudden impact of ransomware and its effects (APAC)Tue 12 Nov 2024 @ 10:00 AM (CET)
No Suits, No Ties: From Calm to Chaos: the sudden impact of ransomware and its effects (EMEA)Tue 12 Nov 2024 @ 02:00 PM (CET)
Part 1: Harnessing AI to Prevent Cyber Attacks and Enhance Defense - EMEATue 12 Nov 2024 @ 11:00 AM (EST)
No Suits, No Ties: From Calm to Chaos: the sudden impact of ransomware and its effects (AMERICAS)Tue 12 Nov 2024 @ 02:00 PM (EST)
Part 1: Harnessing AI to Prevent Cyber Attacks and Enhance Defense - AmericasThu 14 Nov 2024 @ 03:00 PM (CET)
AI Series Part 2: Navigating AI to Balance Cyber Risks and Benefits - EMEA SessionTue 12 Nov 2024 @ 03:00 PM (AEDT)
No Suits, No Ties: From Calm to Chaos: the sudden impact of ransomware and its effects (APAC)Tue 12 Nov 2024 @ 10:00 AM (CET)
No Suits, No Ties: From Calm to Chaos: the sudden impact of ransomware and its effects (EMEA)Tue 12 Nov 2024 @ 02:00 PM (CET)
Part 1: Harnessing AI to Prevent Cyber Attacks and Enhance Defense - EMEATue 12 Nov 2024 @ 11:00 AM (EST)
No Suits, No Ties: From Calm to Chaos: the sudden impact of ransomware and its effects (AMERICAS)Tue 12 Nov 2024 @ 02:00 PM (EST)
Part 1: Harnessing AI to Prevent Cyber Attacks and Enhance Defense - AmericasThu 14 Nov 2024 @ 03:00 PM (CET)
AI Series Part 2: Navigating AI to Balance Cyber Risks and Benefits - EMEA SessionTue 19 Nov 2024 @ 12:00 PM (MST)
Salt Lake City: Infinity External Risk Management and Harmony SaaSWed 20 Nov 2024 @ 02:00 PM (MST)
Denver South: Infinity External Risk Management and Harmony SaaSThu 21 Nov 2024 @ 02:00 PM (MST)
Denver North: Infinity External Risk Management and Harmony SaaSTue 03 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 1: Cloud Risk Management Workshop
