The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
Geo Protection mechanism logs connections from internal IP addresses
R77.30 (EOL), R80.10 (EOL)
Platform / Model
When Geo Protection mechanism is activated, Geo logs are generated for connections originating from and destined to internally defined IP addresses, either by Security Gateway internal network interfaces, or by RFC 1918 (private IP address spaces), resulting in a massive volume of logs.
Upon Geo Protection match, the "Source Country" field is populated according to the matching country in the rule base and not according to the actual country source IP (see sk105019).
Countries that are not included in the policy are logged as "OTR" in log's "Source Country" and "Destination Country" fields.
Geo Protection is not processing connections inside private networks correctly.