Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Nick_Doropoulos
Advisor

geo-protection commands

Hello,

I'm having a lot of difficulty finding commands in relation to geo-protection (on newer and older versions).

Can somebody please share any links or documentation?

Thanks.

0 Kudos
7 Replies
HeikoAnkenbrand
Champion Champion
Champion

More read here:

R80.30 CLI Reference Guide

➜ CCSM Elite, CCME, CCTE
0 Kudos
Nick_Doropoulos
Advisor

Thanks but I'm afraid there doesn't seem to be anything related either; even when I search for geo protection inside that guide nothing comes up.

Frankly, it's one of the very few features I have only seen on SmartConsole and not CLI hence my question.

0 Kudos
Danny
Champion Champion
Champion

Nick_Doropoulos
Advisor

That's better but I'm still looking for a more comprehensive list of commands with regards to geo-protection.

I see you have written a couple of relevant scripts in this thread @HeikoAnkenbrand :

https://community.checkpoint.com/t5/IPS-Anti-Virus-Anti-Bot-Anti/Geo-policy/m-p/57560/highlight/true...

May I ask where you got the geo-protection commands from? Specifically, I'm looking for configuration commands that enable you to turn on geo-protection on the command line.

Thanks in advance. 

0 Kudos
Timothy_Hall
Champion
Champion

As far as CLI Access to Geo Policy, I don't think this configuration can be accessed through the Management API on the SMS to my knowledge.  You can see a thread I started about Management API vs. SmartConsole limitations here: https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Functionality-API-vs-SmartConsole...

On the gateway I'm always on the lookout for ways to turn features off and on "on the fly" for troubleshooting and performance optimization.  Beyond just looking in the local.set file of the compiled policy, there does not seem to be any way to enable/disable or modify Geo Policy out on the gateway itself that I can see.  I suppose one could modify the Geo Policy configuration in the local.set file itself and then do a fetchlocal on the gateway to directly load the changes up into the kernel, but this would most definitely not be supported and could cause very bad things to happen if you make a mistake.

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
Nick_Doropoulos
Advisor

Thanks Tim. It's a real shame but it is what it is I guess.

0 Kudos
PhoneBoy
Admin
Admin

On R80.20+, you should be doing Geo-Protection using Updatable Objects in the regular Access Policy as it allows far more flexibility.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events