Support Center > Search Results > SecureKnowledge Details
Geo Location objects as network objects in R80.20
Solution

Background

The Geo database is downloaded from MaxMind, a leading provider of IP Intelligence and online fraud prevention tools.
MaxMind provides mapping of location data for IP addresses. The server downloads the updated database from MaxMind on a daily basis.

To check the current country mapping by test the IP address, visit the GeoIP2 City Database Demo page.

Till R80.20, Customers who wish restricting access to/from a specific country/continent based on IP addresses should add them to the rule base as hosts and have to install policy after every change.

Check Point Solution for R80.20

  • For each Country/Continent, Check Point provides a Network Object that can be imported to SmartConsole.
  • Each country/continent object matches a list of IP addresses according to the MaxMind database.
  • On every update in MaxMind database, these Objects are updated automatically on the GW (no need to run policy installation).
  • When the source or destination IP address matches an object, the action is selected according to the policy. 

Usage

Click the '+' button under Source/Destination column, choose import 'Updatable Objects', and then choose the relevant continent/country from the countries options.

Below is an example of adding Geo updatable objects to Source and Destination columns in Access Policy:

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment