CheckMate-R77
Contributor

IPS Geo Protection doesn't recognize the country

Hello.

On a freshly updated R80.40 there is an issue with Geo Protection. We have added Poland as a source country in one of our security rules and one address is blocked, but it should not be.

Let's take for example the following IP: 194.36.19.20. According to sk94364, its "value" used in IpToCountry.csv is:

194.36.19.20 = 20 + 19 * 256 + 36 * 256*256 + 194 * 256*256*256 = 20 + 4864 + 2359296 + 3254779904 = 3257144084

In IpToCountry.csv (it was updated automatically a few hours ago) it shows correctly as Poland:

"3257144064","3257144319","iana","410227200","PL","POL","Poland"

At https://www.maxmind.com/en/geoip-demo that IP is Poland, too. So everything seems OK, but unfortunately it is blocked by "Geo-location inbound enforcement" although all traffic from Poland is allowed. In the default geo policy we only block some countries and all others are allowed (the default policy for other countries is allow). In the logs there is not even a flag in front of that IP (as there always should be). It seems like it's an unrecognized country and ... that's why it is blocked :-(.

Any ideas?

Best regards

Mirek
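The lookup described in the post above, as an added example that is not part of the original thread: it converts the address to its integer value, finds the covering range in IpToCountry.csv text, and runs the same lookup against two copies of the file so that a copy lacking the range stands out. Only the PL row is quoted from the post; the other row, the `#` comment handling, the column meanings and the "gateway"/"management" labels are assumptions.

```python
import csv
import io
import ipaddress
from bisect import bisect_right

# Constructed sample copies. Only the PL row is quoted from the post; the
# other row, the "#" comment line and the copy labels are assumptions.
GATEWAY_COPY = '''# constructed sample
"3221225984","3221226239","iana","0","ZZ","ZZZ","Reserved"
"3257144064","3257144319","iana","410227200","PL","POL","Poland"
'''
MANAGEMENT_COPY = '''# constructed sample, range for the tested IP missing
"3221225984","3221226239","iana","0","ZZ","ZZZ","Reserved"
'''

def ip_to_value(ip):
    """Dotted quad to the integer used in the file (a*256^3 + b*256^2 + c*256 + d)."""
    return int(ipaddress.IPv4Address(ip))

def load_ranges(text):
    """Parse CSV text into a sorted list of (start, end, code, country)."""
    lines = (l for l in io.StringIO(text)
             if l.strip() and not l.lstrip().startswith("#"))
    ranges = [(int(r[0]), int(r[1]), r[4], r[6])
              for r in csv.reader(lines) if len(r) >= 7]
    return sorted(ranges)

def lookup(ranges, ip):
    """Return (code, country) for ip, or None when no range covers it."""
    value = ip_to_value(ip)
    starts = [r[0] for r in ranges]
    i = bisect_right(starts, value) - 1  # last range starting at or before value
    if i >= 0 and value <= ranges[i][1]:
        return ranges[i][2], ranges[i][3]
    return None

def compare_copies(ip, copies):
    """Look the same IP up in every copy so a copy that lacks it stands out."""
    return {name: lookup(load_ranges(text), ip) for name, text in copies.items()}

if __name__ == "__main__":
    ip = "194.36.19.20"
    print(ip, "=", ip_to_value(ip))
    copies = {"gateway": GATEWAY_COPY, "management": MANAGEMENT_COPY}
    for name, hit in compare_copies(ip, copies).items():
        print(f"{name:10s} -> {hit if hit else 'no matching range'}")
```

A `None` result means no range in that copy covers the address.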

6 Replies
G_W_Albrecht
Legend

I would contact TAC with the issue!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Danny
Champion

Make sure your gateway and management have updated IpToCountry databases.

One-liner to update IpToCountry data on Security Managements

Common Check Point Commands

0 Kudos
CheckMate-R77
Contributor

As far as I know, management has no in.geod service or IpToCountry.csv file.

On the gateways the service is running and the file was (as I wrote) updated a few hours ago.

Danny
Champion

Your management has an IpToCountry.csv, see my links above.

CheckMate-R77
Contributor

Yes Sir,

the one-liner works great! Now management correctly shows this IP's country in the logs.

Thank you very much; however, sk114216 talks only about the gateway, with not a word about management. Strange.

CheckMate-R77
Contributor

By the way, in Support Service Request we have only 2 options:

1. Non-Technical Issue (Account Services and Licensing)

2. Content Classification (Report Spam misclassification, Request URL Categorization)

Don't you think there should be (at least) a 3rd option:

3. Geo IP issues (country misclassification) ?

0 Kudos