How to block traffic to or from a specific country

Overview

With our new geolocation capabilities, you can now use the Firewall application to block traffic coming to or from foreign countries. To block traffic coming from a certain country (or countries), we can use a simple Firewall rule. 

  1. Go to the Apps view and then click the Firewall application.
  2. Click on the Rules tab and then the Add button to create a new rule.
  3. Give the new rule a description that helps you identify the rule in the future, then click Add Conditions to define the conditions under which the rule will trigger.

Blocking inbound traffic

To block traffic coming from a foreign country/countries you would select the condition Client Country is and then select the country or countries you want to block from the pre-populated list by clicking in to the Value field. In this example we are blocking all traffic coming from China:
client_country.png

 

Blocking outbound traffic

To block outbound traffic from your local network going to certain countries, we follow the same steps as described above and change the rule condition to Server Country is as seen in this screenshot:
server_country.png 

 

Allowing only traffic within a specified country

To block all traffic originating from or destined to countries outside of the location where the NG Firewall is deployed is possible with a single rule. For example, to block any non-United States traffic, we would create a rule with both these conditions:

  • Client Country is not US, XL
  • Server Country is not US, XL

mceclip0.png

 

Important: allow local traffic

It's very important to include Local [XL] in the "allowed" list of countries. Failing to do so will result in internal traffic being blocked!

Follow
Was this article helpful?
41 out of 45 found this helpful
Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.

Powered by Zendesk