Tuesday, June 2, 2020

HOWTO: verify geo-protection blocks on Check Point Security Gateway

If you ever deploy geo-protection policies and block specific countries, you can easily witness the blocks by logging into the Check Point appliance and running the following command:

   fw ctl zdebug drop | grep -i geo 


The geo database is located in the IpToCountry.csv file, and you can verify that it has been updated by looking at its timestamp.



The command above displays traffic that is blocked by geo-protection. Keep in mind that geo-protection rules are analyzed before the access rules.

You can use MaxMind to verify the source's country of origin.




So if you block, let's say, "Russia" via geo-protection and then write an access rule to allow a specific Russian host in, that would not work unless you had a geo-protection exception for that IPv4 source.
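The evaluation order described above, as an added Python model that is not from the original post and is not Check Point code. The CSV column layout, the documentation-range addresses, the function names and the final implicit drop are all assumptions made for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample in an assumed IP-to-country layout:
# start, end, registry, assigned, CC, CCC, country.
# The addresses are documentation ranges, not real allocations.
SAMPLE_CSV = '''"3325256704","3325256959","ripencc","0","RU","RUS","Russian Federation"
"3405803776","3405804031","arin","0","US","USA","United States"
'''

def load_ranges(text):
    """Parse the CSV into (start, end, country_code) tuples."""
    rows = csv.reader(io.StringIO(text))
    return [(int(r[0]), int(r[1]), r[4]) for r in rows if r]

def country_of(ip, ranges):
    """Return the country code whose range contains ip, or None."""
    n = int(ipaddress.ip_address(ip))
    for start, end, cc in ranges:
        if start <= n <= end:
            return cc
    return None

def in_any(ip, networks):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in networks)

def decide(src, ranges, blocked, geo_exceptions, access_allow):
    """Geo-protection is evaluated first; access rules only see what survives it."""
    if not in_any(src, geo_exceptions) and country_of(src, ranges) in blocked:
        return "drop (geo-protection)"
    if in_any(src, access_allow):
        return "accept (access rule)"
    return "drop (cleanup rule)"  # assumed implicit drop at the end of the rulebase

if __name__ == "__main__":
    ranges = load_ranges(SAMPLE_CSV)
    host = "198.51.100.7"  # constructed host inside the sample RU range
    # Allow rule alone: still dropped by geo-protection.
    print(decide(host, ranges, {"RU"}, [], [host + "/32"]))
    # Allow rule plus a geo-protection exception: accepted.
    print(decide(host, ranges, {"RU"}, [host + "/32"], [host + "/32"]))
```
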


 






NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o

        /  \
