Table of Contents
Click an item to jump directly to that question.
1. What apps/services can use the Geolocation options?
You can use the Geolocation options in the Firewall application and the Policy Manager service.
2. I blocked a country outright but I just looked up this IP and it's from that country. How did it pass?
Sometimes proxies and cloud services can cause no country to be listed and thus not blocked as expected using the Firewall application. A country must be listed for the NG Firewall to recognize its origin.
3. I blocked all non-US traffic and now none of my users have internet access?
This is because your local traffic going outbound will not have a source country listed. You will want to create another Firewall rule appearing above the rule that blocks all non-US-based traffic to allow your LAN traffic to still work as expected.
4. How do I allow a specific WANIP address from a foreign country to pass while blocking all other traffic from that foreign country?
You first create a Firewall rule to block traffic coming from a specific country using the "Client Country is" condition. Then create an allow Firewall rule using the "Source Address" condition and enter the IP from the country you just blocked with your previous firewall rule. Lastly make sure your allow rule appears above your country block rule as these rules are evaluated in top-down order.
5. How do I create rules to block traffic coming from certain countries or going to certain countries?
Please see the article found here - How To Block Traffic Coming From Or Going To Foreign Countries
6. What's the difference between server country and client country?
The server country firewall rule condition applies to traffic leaving your local network and going out to the internet. The client country firewall rule condition applies to inbound traffic coming in to your network.