Mike_Jensen

Bad IpToCountry.csv file from Check Point

Hello,

My organization uses Geo Policy on all of our security gateways. Last week we ran into a serious issue with Geo Policy blocking all United States traffic, even though we were allowing United States traffic to and from. Other security gateways that had specific countries blocked such as Russia and China were allowing those countries in.

After a couple hours of working with Check Point TAC it was determined that Check Point had sent out an IpToCountry.csv where the United States was accidentally deleted. This took all of our branch offices offline and required personnel to physically travel to each branch office, perform a `fw unloadlocal`, and then install policy from the SMS with the applicable Geo Policy set to inactive.

The IPs from Russia, China, etc., that were getting past Geo Policy were found as not being in the bad IpToCountry.csv.

Check Point TAC further described that the IpToCountry.csv file is hosted on many CDNs and it would take some time for the bad file to propagate out of the network and be replaced with the known good one. Presumably all customers using Geo Policy were affected by this.

My question is: have any of you experienced issues with Geo Policy last week as described above?

I am having a hard time understanding why this seemed to be a rare issue with my organization. I am under the assumption that many organizations use Geo Policy and there would have been widespread outages due to this, prompting an alert from Check Point to be sent out via e-mail.

Do not that many companies use Geo Policy?

 
