cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Is Geo Policy/Protection Supported on Gaia Embedded?

There are numerous references in Check Point's documentation stating that Geo Protection (under R77.30 management) and Geo Policy (under R80.10 management) are not supported by Gaia embedded appliances such as the 1200R, but I have a client using it successfully on version R77.20.31 and the SmartConsole doesn't seem to have a problem assigning a Geo Policy profile to a Gaia Embedded appliance.  So is it supported or not? 

How about Packet Captures taken by IPS or Threat Prevention on a Gaia embedded appliance?

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com
2 Replies

Re: Is Geo Policy/Protection Supported on Gaia Embedded?

I have 1400 using latest R77.20.81 (centrally managed) and for me Geo Pro is not working for some reason. I tried it and in the logs I could still see connection attempts from blocked countries.

Can't comment on IPS packet captures, have not tried it yet.

TP is generally working the same way it does on big brothers running R77.xx. TE and DLP are not supported.

May be I miss something, hopefully others will add to it.

0 Kudos

Re: Is Geo Policy/Protection Supported on Gaia Embedded?

Officially (sk105380), neither Geo Protection nor Packet Captures are supported on SMB, and we can argue that autonomous Capture would be dangerous on the flash based Embedded system that has not much free space and computing ressources available. But this is clear in Dashboard, as you get a warning with PC active, that PC is not supported on SMB. Manual captures are possible, of course...

Further, TP is working good, although using special smaller IPS profiles (storage space, you know...) is needed, only TE in Cloud or TE applaince is supported and inbound https Inspection is only working on centrally managed SMBs. There is no TX available, that is true, too... 

The most interresting point here is, when using Geo Policy profile, is it visibly enforced by the SMB unit ?