Support Center > Search Results > SecureKnowledge Details
Restricting Gateways to Send Files for Emulation only in a Specific Country (Threat Emulation Geo-Restriction) Technical Level
Solution

Overview

Unless configured otherwise, gateways send files for emulation (sandbox) in the Check Point Threat Emulation Cloud. This cloud is distributed over multiple regions around the world.
Some administrators want to restrict the emulation (sandboxing) to take place only in a specific country.

Pre-requisites

  • Geo restriction is supported for Threat Emulation engine Version of 59.990000238
    or higher.
    • To see the current engine version, on the Security Gateway, run:
      [Expert@GW_HostName]# tecli advanced engine version

Review Current Geo Restriction Settings 

To see the current Cloud Geo Restriction configuration and a list of available countries, run the following command: 

[Expert@GW_HostName]# tecli advanced cloud geo status

Example 1:

[Expert@GW_HostName]# tecli advanced cloud geo
 Command: root->advanced->cloud->geo
Available options:
  status    - show Cloud Geographical Restriction status
  restrict  - restrict to a specific Cloud Geographic location
  default   - use automatic Cloud Geographic location   

Example 2:

[Expert@GW_HostName]# tecli advanced cloud geo status

|Country        |State
|--------------|----------
|Australia      |forbidden 
|China           |forbidden
|Germany      |forbidden
|USA              |allowed

Restrict Gateway Threat Emulation to a Specific Country

  1. Switch the Cloud Geo Restriction on the Security gateway to Advanced mode by running the following command:

    [Expert@GW_HostName]# tecli advanced cloud geo

  2. Select the country to restrict Threat Emulation to, by running the following command:

    [Expert@GW_HostName]# tecli advanced cloud geo restrict <Germany|USA|China|Australia>

    Example:

    [Expert@GW_HostName]# tecli advanced cloud geo restrict USA
  3. Restart the TED daemon to reload the modified settings, by running the following command: 
    [Expert@HostName:0]# fw kill ted
Important Note - if you have Gateways located in China, you must also follow sk168057: Restricting Threat Prevention Gateways to China (Geo-Restriction) for more required configuration changes. 

Disable Geo Restriction on a Gateway Threat Emulation:

  • Disable the Geo Restriction and revert to the default settings by running the following command:

    [Expert@GW_HostName]# tecli advanced cloud geo default

  • To validate, run the following command:

    [Expert@GW_HostName]# tecli advanced cloud geo status
  • The command output should be "allowed" for all supported countries


Related solutions:

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment