Hello,
My organization uses Geo Policy on all of our security gateways. Last week we ran into a serious issue with Geo Policy blocking all United States traffic, even though we were allowing United States traffic to and from. Other security gateways that had specific countries blocked, such as Russia and China, were allowing those countries in.
After a couple of hours of working with Check Point TAC, it was determined that Check Point had sent out an IpToCountry.csv where the United States was accidentally deleted. This took all of our branch offices offline and required personnel to physically travel to each branch office, perform a fw unloadlocal, and then install policy from the SMS with the applicable Geo Policy set to inactive.
The IPs from Russia, China, etc., that were getting past Geo Policy were found as not being in the bad IpToCountry.csv.
Check Point TAC further described that the IpToCountry.csv file is hosted on many CDNs and it would take some time for the bad file to propagate out of the network and be replaced with the known good one. Presumably all customers using Geo Policy were affected by this.
My question is: have any of you experienced issues with Geo Policy last week as described above?
I am having a hard time understanding why this seemed to be a rare issue with my organization. I am under the assumption that many organizations use Geo Policy and there would have been widespread outages due to this, prompting an alert from Check Point to be sent out via e-mail.
Do not that many companies use Geo Policy?