Create a Post
Showing results for 
Search instead for 
Did you mean: 

Geo Blocking IKE Implied Rules

Hi all,


We recently changed over from the legacy way of geo blocking to the recommended use of updatable objects as a rule in the access control policy.

The geo block rule is at the top off our ruleset but I think that the firewall still is allowing any IP to connect to the IKE ports (we use CP VPN) through the implied policy.


I believe with the legacy geo policy it blocked any geo IP connecting to the firewall (this was proved with the recently issue with classifying UK IP's as Russian).

Is there a way to apply the geo rules to the applied policy?

Many thanks


0 Kudos
1 Reply

This has just been discussed here. You can disable the implied rule within Global Properties and explicity define it on top of your rulebase in order to be able to specify geo locations for IKE.

0 Kudos