This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
CheckMate-R77
Contributor
‎2020-12-21 03:16 AM

IPS Geo Protection doesn't recognize the country

Hello.

On freshly updated R80.40 there is some issue with Geo Protection. We have added Poland as source country in one of ours security rules and one address is blocked, but it should not be.

Let's take for example following IP: 194.36.19.20. Acording to this sk94364 it's "value" used in the IpToCountry.cvs is:

194.36.19.20 = 20 + 19 * 256 + 36 * 256*256 + 194 * 256*256*256 = 20 + 4864 + 2359296 + 3254779904 = 3257144084

In IpToCountry.cvs (it was updated automatically few hours ago) it shows correctly as Poland:

"3257144064","3257144319","iana","410227200","PL","POL","Poland"

At https://www.maxmind.com/en/geoip-demo that IP is Poland, too. So everything seems ok, but unfortunately it is blocked by "Geo-location inbound enforcement" although all traffic from Poland is allowed. In default geo policy we only block some countries and all others are allowed (default policy for other countries is allow).  In logs there is no even the flag in front of that IP (as it always should be). It seems like it's unrecognized country and ... that's why blocked :-(.

 

Any ideas?

Best regards

Mirek

6 Replies
G_W_Albrecht
Legend Legend
Legend
‎2020-12-21 04:09 AM

I would contact TAC with the issue !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Danny
Champion Champion
Champion
‎2020-12-21 04:56 AM

Make sure your gateway and management have updated IpToCountry databases.

One-liner to update IpToCountry data on Security Managements

Common Check Point Commands

0 Kudos
CheckMate-R77
Contributor
‎2020-12-21 05:21 AM
In response to Danny

As far as I know management has no in.geod service and IpToCountry.csv file.

On gateways service is running and the file was (as I wrote) updated few hours ago.

Danny
Champion Champion
Champion
‎2020-12-21 05:23 AM
In response to CheckMate-R77

Your management has an IpToCountry.csv, see my links above.

CheckMate-R77
Contributor
‎2020-12-21 06:06 AM
In response to Danny

Yes Sir,

one-liner works great! Now management correctly shows this IP's country in logs.

Thank You very much, however sk114216 is talking only about gateway and not a word about management. Strange.

CheckMate-R77
Contributor
‎2020-12-21 06:08 AM

By the way in Support Service Request we have only 2 options:

1. Non-Technical Issue (Account Services and Licensing)

2. Content Classification (Report Spam misclassification, Request URL Categorization)

Don't You think it should be (at least) 3-rd option:

3. Geo IP issues (country misclassification) ?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top