Geo Location objects as network objects in R80.20
The Geo database is downloaded from MaxMind, a leading provider of IP Intelligence and online fraud prevention tools.
MaxMind provides mapping of location data for IP addresses. The server downloads the updated database from MaxMind on a daily basis.
To check the current country mapping by test the IP address, visit the GeoIP2 City Database Demo page.
Till R80.20, Customers who wish restricting access to/from a specific country/continent based on IP addresses should add them to the rule base as hosts and have to install policy after every change.
Check Point Solution for R80.20
- For each Country/Continent, Check Point provides a Network Object that can be imported to SmartConsole.
- Each country/continent object matches a list of IP addresses according to the MaxMind database.
- On every update in MaxMind database, these Objects are updated automatically on the GW (no need to run policy installation).
- When the source or destination IP address matches an object, the action is selected according to the policy.
Click the '+' button under Source/Destination column, choose import 'Updatable Objects', and then choose the relevant continent/country from the countries options.
Below is an example of adding Geo updatable objects to Source and Destination columns in Access Policy:
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.