Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Timothy_Hall
Legend Legend
Legend

Is Geo Policy/Protection Supported on Gaia Embedded?

There are numerous references in Check Point's documentation stating that Geo Protection (under R77.30 management) and Geo Policy (under R80.10 management) are not supported by Gaia embedded appliances such as the 1200R, but I have a client using it successfully on version R77.20.31 and the SmartConsole doesn't seem to have a problem assigning a Geo Policy profile to a Gaia Embedded appliance.  So is it supported or not? 

How about Packet Captures taken by IPS or Threat Prevention on a Gaia embedded appliance?

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
2 Replies
HristoGrigorov

I have 1400 using latest R77.20.81 (centrally managed) and for me Geo Pro is not working for some reason. I tried it and in the logs I could still see connection attempts from blocked countries.

Can't comment on IPS packet captures, have not tried it yet.

TP is generally working the same way it does on big brothers running R77.xx. TE and DLP are not supported.

May be I miss something, hopefully others will add to it.

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Officially (sk105380), neither Geo Protection nor Packet Captures are supported on SMB, and we can argue that autonomous Capture would be dangerous on the flash based Embedded system that has not much free space and computing ressources available. But this is clear in Dashboard, as you get a warning with PC active, that PC is not supported on SMB. Manual captures are possible, of course...

Further, TP is working good, although using special smaller IPS profiles (storage space, you know...) is needed, only TE in Cloud or TE applaince is supported and inbound https Inspection is only working on centrally managed SMBs. There is no TX available, that is true, too... 

The most interresting point here is, when using Geo Policy profile, is it visibly enforced by the SMB unit ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events