IPS Geo-Protection Based on "X-Forwarded-For" HTTP Header
The IPS
Check Point Software Blade on a Security Gateway that inspects and analyzes packets and data for numerous types of risks (Intrusion Prevention System). Geo protection feature filters or logs traffic based on the country of origin. This protection applies to the source address of the connection and any IPv4 address present in an "X-Forwarded-For" HTTP header.
CME example: autoprov_cfg set template –tn TEMPLATE_NAME –xff
Consider these examples:
Example 1:
A client in country "A" connects directly to the External Load Balancer. The Load Balancer forwards the connection to one of the Check Point CloudGuard Security Gateways, leaving the source IP address unchanged. The Check Point Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources.'s IPS Geo protection identifies the country of origin as "A" and either logs or drops the connection (based on the policy).
Example 2:
A client in country "A" connects to the External Load Balancer through a proxy in country "B". The proxy adds an "X-Forwarded-For" HTTP header with the IP address of the client in "A". The Load Balancer forwards the connection to one of the Check Point CloudGuard Security Gateways. The Check PointSecurity Gateway's IPS Geo protection identifies the country of origin as "A" and either logs or drops the connection (based on the policy).
|
|
Notes:
|
For more information about IPS Geo protection based on the "X-Forwarded-For" HTTP header in Check Point CloudGuard for AWS Amazon® Web Services. Public cloud platform that offers global compute, storage, database, application and other cloud services. / CloudGuard for GCP Google® Cloud Platform is a suite of products and services that includes hosting, cloud computing, database services and more., refer to sk115532.