This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Secret-goblin-5
Contributor
Friday
Jump to solution

Create whitelist for single IP when using Geo-blocking objects

Screenshot 2025-12-12 135538.png

We have a geo blocking rule, so far so simple.

However, we now have 1 specific IP which needs to get to the rest of the rules below the geo blocking rule... but is from one of the countries which we block.

 

How do I add an exception for specific IPs to the geo blocking rule, while still having all the other rules below the geo blocking function?

0 Kudos
2 Solutions

Accepted Solutions
CaseyB
Advisor
Friday
Jump to solution

We just add bypass rules above the GeoBlock, like this:

GeoBypass.png

View solution in original post

(1)
the_rock
MVP Platinum
MVP Platinum
Friday
Jump to solution

I cant see how this can work with rule below geo block, as first rule will always block the country. You need to add exception above.

Best,
Andy

View solution in original post

0 Kudos
(1)
6 Replies
CaseyB
Advisor
Friday
Jump to solution

We just add bypass rules above the GeoBlock, like this:

GeoBypass.png

(1)
Secret-goblin-5
Contributor
Friday
In response to CaseyB
Jump to solution

 

Thanks for the quick reply.

This works if you know exactly which service etc the allowed IP needs.
But we have 470 rules below the geo block I want the IP to be checked against.

I don't want to give it access to everything (HTTP(S) in your example) encase it gain access to something it should not.

 

A workaround is to build an inline layer for just them above the geo block, with just the access they need.
Basically what you have, but more granular
But I would then need to build a new inline layer for every exception to our geo blocklist.

0 Kudos
the_rock
MVP Platinum
MVP Platinum
Friday
In response to Secret-goblin-5
Jump to solution

Right, but if you think about it, any fw policy goes top to bottom, left to right, so if you try an exception below that geo block rule, it will never work, since upper rule will always take effect first.

Hope that makes sense.

Best,
Andy
the_rock
MVP Platinum
MVP Platinum
yesterday
In response to Secret-goblin-5
Jump to solution

That is true, but there is no sadly better choice. That is just how policy works with any fw vendor out there.

Best,
Andy
0 Kudos
the_rock
MVP Platinum
MVP Platinum
Friday
In response to CaseyB
Jump to solution

Thats exactly how I do it and recommend to customers.

Best,
Andy
0 Kudos
the_rock
MVP Platinum
MVP Platinum
Friday
Jump to solution

I cant see how this can work with rule below geo block, as first rule will always block the country. You need to add exception above.

Best,
Andy
0 Kudos
(1)

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events