Hello,
Where can I find information regarding Geo IP / Geo Policy on Gaia Embedded (Local Management)?
What does it provide, and how do I configure it on the appliance?
Hi, what version are you running on the FW? In older versions, Geo protection is not supported.
In R81.10 it is supported, please see:
https://support.checkpoint.com/results/sk/sk178604
I think you have to import the updateable objects, please check if they are already present on the FW:
This topic also shows how to use them in the rules.
Thanks,
I am using R81.
Is there also some documentation explaining what geo protection is and how I should use it?
I am new to this feature.
See sk126172: Configuring Geo Policy using Updatable Objects in R80.20 and higher
Also look into this discussion:
The simplistic use case is using the country objects in the source or destination column of your security policy.
Navigate as follows:
Access Policy > Firewall > Policy > New > Top > Modify the Source or Destination Column > Import > Updatable Objects > Scroll down to the "GEO Locations" objects > Expand and pick the country of your choice. > Apply > Finish defining your rule and click Apply again.
GEO protection uses maps of IP address ranges to country. This can be used in different ways, e.g. restricting RA VPN connections to IPs from the customer's country only or denying web access to sites in Russia or China.
The drawback: IP address ranges are subject to change, often the IP mapping is temporarily wrong and only corrected after some days or on demand. So you cannot be sure that this method always works as expected...
Hello,
Let's assume, for example, that x.x.x.x/16 was a Country-A pool
and after two months it was purchased by Country-B.
1. How will my gateway know about this change?
2. What do I need to do in order to update my gateway regarding this change?
1. By automatic updates - See sk95976: How the Geo Protection country file is updated
2. Make sure that the Security Gateway can fetch the updates from Check Point download center
I read sk95976, and it says: "Currently, the Security Gateway should fetch the updates from Check Point download center"
My question: is there a way to check whether the geo protection was actually updated?
Is there any log, or something in the GUI I can see?
How should I know if the gateway fetched the updates from the Check Point download center?
https://support.checkpoint.com/results/sk/sk83520
I could be wrong, but I don't believe the iptocountry.csv file is even present on the SMB gateway (at least it's not on regular Gaia fw).
Andy
Sorry, I take my last response back, I was 100% wrong. You can check below and then run the following.
Andy
[Expert@quantum-firewall:0]# find / -name IpToCountry*
/var/log/opt/CPsuite-R81.20/fw1/tmp/email_tmp/updates/IpToCountry.csv
/var/opt/CPsuite-R81.20/fw1/conf/IpToCountry.csv
[Expert@quantum-firewall:0]#
[Expert@quantum-firewall:0]# stat /var/log/opt/CPsuite-R81.20/fw1/tmp/email_tmp/updates/IpToCountry.csv
File: '/var/log/opt/CPsuite-R81.20/fw1/tmp/email_tmp/updates/IpToCountry.csv'
Size: 11600487 Blocks: 22664 IO Block: 4096 regular file
Device: fc00h/64512d Inode: 268578887 Links: 1
Access: (0640/-rw-r-----) Uid: ( 0/ admin) Gid: ( 1/ bin)
Access: 2022-11-16 06:25:26.000000000 -0500
Modify: 2022-11-16 06:25:26.000000000 -0500
Change: 2022-12-28 13:16:06.155028136 -0500
Birth: -
[Expert@quantum-firewall:0]# stat /var/opt/CPsuite-R81.20/fw1/conf/IpToCountry.csv
File: '/var/opt/CPsuite-R81.20/fw1/conf/IpToCountry.csv'
Size: 11600487 Blocks: 22664 IO Block: 4096 regular file
Device: fc01h/64513d Inode: 1384643 Links: 1
Access: (0640/-rw-r-----) Uid: ( 0/ admin) Gid: ( 1/ bin)
Access: 2023-03-24 11:20:13.187213100 -0400
Modify: 2022-11-16 06:25:26.000000000 -0500
Change: 2022-12-28 13:13:59.385021532 -0500
Birth: -
[Expert@quantum-firewall:0]#
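Added example, not part of the original thread or of any Check Point tooling: the `stat` check from the post above turned into a repeatable freshness test on the file's modification time. The function names and the age threshold are assumptions for illustration; the path is whatever `find` returned on your gateway, and the modification time only shows when the file last changed on this system, not whether its mappings are correct.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Assumes a stat that supports
# "-c %Y" (GNU coreutils or BusyBox).
# Usage: sh geo_age.sh /var/opt/CPsuite-R81.20/fw1/conf/IpToCountry.csv 30

# geo_file_age_days PATH [NOW_EPOCH]
# Prints the whole days elapsed since PATH was last modified.
# Returns 2 if PATH is not a regular file or cannot be read.
geo_file_age_days() {
    gfa_path="$1"
    gfa_now="${2:-$(date +%s)}"
    [ -f "$gfa_path" ] || return 2
    gfa_mtime=$(stat -c %Y "$gfa_path") || return 2
    echo $(( (gfa_now - gfa_mtime) / 86400 ))
}

# geo_file_status PATH MAX_AGE_DAYS [NOW_EPOCH]
# Prints "FRESH age=Nd", "STALE age=Nd" or "MISSING".
# Exit status: 0 fresh, 1 stale, 2 missing, so it can drive a cron alert.
geo_file_status() {
    gfs_path="$1"
    gfs_max="$2"
    gfs_now="${3:-$(date +%s)}"
    if ! gfs_age=$(geo_file_age_days "$gfs_path" "$gfs_now"); then
        echo "MISSING"
        return 2
    fi
    if [ "$gfs_age" -gt "$gfs_max" ]; then
        echo "STALE age=${gfs_age}d"
        return 1
    fi
    echo "FRESH age=${gfs_age}d"
}

# Run the check only when a path and a threshold are given on the command line.
if [ "$#" -ge 2 ]; then
    geo_file_status "$1" "$2"
fi
```

A MISSING result is worth treating separately from STALE: it means the path is wrong for this platform, not that updates stopped.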
This command doesn't show me anything: "find / -name IpToCountry*".
My Firewall Version:
fw ver
This is Check Point's 1570 Appliance R81.10.00 - Build 575
I would say what @G_W_Albrecht gave you is a very good reference. Since the device is locally managed, no need to worry about any updates on the management server.
Andy