This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
RichUK
Contributor
‎2022-06-28 01:22 AM

Geo Blocking IKE Implied Rules

Hi all,

(R81.10)

We recently changed over from the legacy way of geo blocking to the recommended use of updatable objects as a rule in the access control policy.

The geo block rule is at the top off our ruleset but I think that the firewall still is allowing any IP to connect to the IKE ports (we use CP VPN) through the implied policy.

ike.jpg

I believe with the legacy geo policy it blocked any geo IP connecting to the firewall (this was proved with the recently issue with classifying UK IP's as Russian).

Is there a way to apply the geo rules to the applied policy?

Many thanks

Rich

0 Kudos
1 Reply
Danny
Champion Champion
Champion
‎2022-06-28 01:55 AM

This has just been discussed here. You can disable the implied rule within Global Properties and explicity define it on top of your rulebase in order to be able to specify geo locations for IKE.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top