This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
stevek1835
Explorer
‎2021-11-09 10:35 AM

Limit access to a single external address over a certain port to only allow USA address to connect

Hello,

We're new in the CheckPoint world and had a question about limiting access.

We use a client based VPN that uses a TCP High Port to allow external connections to come in. We have cert based deployment to allow/deny connections, but we are looking to take that one step further and block all connections from outside of the USA to the external address and port that our client-based VPN uses.

Is there a way to do this in checkpoint - we're running a HA Pair of 6400 currently in our environment.

Labels
0 Kudos
2 Replies
Alex-
Advisor
‎2021-11-09 01:07 PM

You can use an updatable object to select United States as source of your rule then block the rest.

Something like Source: United States - Destination: your VPN public IP - Service: VPN Service - Action: Accept - Log

followed by Source: Any - Destination: Your VPN public IP - Service: Any - Action: Drop - Loggeoloc.png

 

0 Kudos
Danny
Champion
Champion
‎2021-11-09 01:36 PM
In response to Alex-

Desktop Security Policy does not support updatable objects.

0 Kudos