JJ
Explorer

Can we block non-Hong Kong IPs from connecting using Endpoint Security VPN?

I know that would be controlled by implied rules, but I have tested disabling them in the global policy, which is no help. That traffic can still access the gateway.

But sk43401 states that "enabling certain features (e.g., Clientless VPN) will enable certain Implied Rules that cannot be disabled in SmartConsole / SmartDashboard."

Does anyone know a method to solve it?

So many thanks 

Regards,

JJ  

0 Kudos
7 Replies
Tal_Paz-Fridman
Employee

What about using Access Control Policy with Updatable Object (Negate Hong Kong):

[Attached image: Hong Kong Updatable Object.jpg]

0 Kudos
Danny
Champion

To disable specific geo locations before explicit and implied rules you would have to use SAM rules and catch the specific Geo location data from Check Point's IP2Country.csv file. So you'll have to create a little Bash script to catch the location file, grep the IP addresses from Hong Kong and block Endpoint Security VPN connections for all others.

0 Kudos
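The extraction step Danny describes, as an added example that is not code from this thread or from Check Point: it pulls one country's ranges out of a country CSV, merges them, and computes the complement ("all others") that a block list would need. The row layout, the function names `geo_ranges` and `sample_csv`, and the sample rows are assumptions; turning the output into SAM rules is left to the gateway's own documentation.

```shell
#!/bin/bash
# Added example, not from the thread. ASSUMED row layout (check your own file):
#   "start_int","end_int","registry","assigned","CC","CCC","Country"

# geo_ranges CC MODE: CSV on stdin; MODE 0 = ranges inside CC, 1 = everything else.
geo_ranges() {
  awk -F'","' -v cc="$1" '$5 == cc { sub(/^"/, "", $1); print $1, $2 }' |
  sort -n -k1,1 |
  awk -v invert="$2" '
    function ip(n) {  # 32-bit integer -> dotted quad
      return int(n / 16777216) "." (int(n / 65536) % 256) "." (int(n / 256) % 256) "." (n % 256)
    }
    function emit(a, b) { if (a <= b) print ip(a) "-" ip(b) }
    function close_run() {
      if (invert) { emit(next_free, lo - 1); next_free = hi + 1 }
      else emit(lo, hi)
    }
    {
      s = $1 + 0; e = $2 + 0
      if (have && s <= hi + 1) { if (e > hi) hi = e; next }  # overlapping or adjacent: merge
      if (have) close_run()
      lo = s; hi = e; have = 1
    }
    END {
      # Fail closed: with no matching rows the complement would be every address.
      if (!have) { print "no ranges found for country code" > "/dev/stderr"; exit 1 }
      close_run()
      if (invert) emit(next_free, 4294967295)
    }'
}

# Constructed sample rows (documentation address blocks, not real geo data).
sample_csv() {
  cat <<'EOF'
"3221225984","3221226239","arin","0","US","USA","United States"
"3325256832","3325256959","apnic","0","HK","HKG","Hong Kong"
"3325256704","3325256831","apnic","0","HK","HKG","Hong Kong"
"3405803776","3405804031","apnic","0","HK","HKG","Hong Kong"
EOF
}

echo "Allowed (HK):";    sample_csv | geo_ranges HK 0
echo "To block (rest):"; sample_csv | geo_ranges HK 1
```

The non-zero exit on an empty match matters operationally: a renamed column or a failed download would otherwise yield a block list covering every address, including the administrators' own.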
JJ
Explorer

Hi Danny,

Thanks for your suggestion; it seems it will work, but using a Bash script to catch the location file is too difficult for me to set up.

Anyway thanks for your reply.

Regards,

JJ

0 Kudos
JJ
Explorer

Because the implied rule will accept the connection before the policy.

0 Kudos
Tal_Paz-Fridman
Employee

What about changing the order of the Implied Rules in Global Properties?

0 Kudos
JJ
Explorer

Actually, the global properties option "accept remote access control connections" is greyed out, and after disabling it the connection is still accepted by the implied rule.

So that is no help.

0 Kudos
JJ
Explorer

Hi All,

I had disabled the implied rule as below:

[Attached image: impliedrule.JPG]

and set up the access policy as below; all problems are solved.

[Attached image: accesspolicy.JPG]

So many thanks to all of you guys.

0 Kudos