This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Seth_Scavette
Explorer
‎2024-01-03 01:01 PM

GEOIP Block / Allow With Updateable Objects - How to allow and continue to main rule base like befor

With the old GEOIP policy you could allow and block countries easily and then there was a box at the bottom that said "policy for other countries" which could be set to allow or block. Given that ability I am trying to figure out how to replicate that with the newer preferred method using updateable objects. Blocking is easy, setting up a whitelist of countries seems much more involved.

So currently I have main rules setup at the top of the policy to block countries I have selected. I then use inline layered rules to create exceptions where needed with a "drop" clean up rule at the bottom of the inline policy. Blocking is easy!

This is what I want to do now:

--- Create a rule to allow specific countries with updateable objects but still go on to match the main rule base below like the old GEOIP policy would do. The only way I can figure would be to create inline rules with all my existing rules which seems wrong. 

 I searched but I have not found any good solutions. 

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2024-01-04 05:43 AM

Put the geo rules in a separate ordered layer.
Provided that layer only contains geo rules and the final result is “accept” for the countries you wish to accept, it should work the way you wish.

0 Kudos
the_rock
Legend
Legend
‎2024-01-04 06:28 AM

I see what @PhoneBoy is saying, makes total sense. I will tell you what I always advise people and works 100% fine. So, say if you have, just as an example, 2 ordered layers, 1 network (with fw blade only enabled) and 2nd as appc+urlf enabled in layer editor, in network layer, you can have multiple inline layers tied to different zones representing different interfaces and then first few rules on the top can include geo block rules. IF you need to allow someone from foreign country to conenct, you can simple have such rule ABOVE geo block rules, thats it.

I attached basic example from one of my R81.20 labs. Also, super IMPORTANT, if you have multiple ordered layers, traffic HAS TO be accepted on all layers, otherwise, nothing will work.

Best,

Andy

 

 

Preview file
220 KB
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events