How to block traffic to or from a specific country


With our new geolocation capabilities, you can now use the Firewall application to block traffic coming to or from foreign countries. To block traffic coming from a certain country (or countries), we can use a simple Firewall rule. 

  1. Go to the Apps view and then click the Firewall application.
  2. Click on the Rules tab and then the Add button to create a new rule.
  3. Give the new rule a description that helps you identify the rule in the future, then click Add Conditions to define the conditions under which the rule will trigger.

Blocking inbound traffic

To block traffic coming from a foreign country/countries you would select the condition Client Country is and then select the country or countries you want to block from the pre-populated list by clicking in to the Value field. In this example we are blocking all traffic coming from China:


Blocking outbound traffic

To block outbound traffic from your local network going to certain countries, we follow the same steps as described above and change the rule condition to Server Country is as seen in this screenshot:


Allowing only traffic within a specified country

To block all traffic originating from or destined to countries outside of the location where the NG Firewall is deployed is possible with a single rule. For example, to block any non-United States traffic, we would create a rule with both these conditions:

  • Client Country is not US, XL
  • Server Country is not US, XL



Important: allow local traffic

It's very important to include Local [XL] in the "allowed" list of countries. Failing to do so will result in internal traffic being blocked!

Was this article helpful?
41 out of 45 found this helpful
Have more questions? Submit a request



Article is closed for comments.

Powered by Zendesk