Use GeoBlocking rules to block traffic from a country or continent based on its public IP addresses.
Note
If your network uses public IP address schemes (for example, 11.0.0.0/8), be careful not to accidentally block them when applying GeoBlocking rules. Avoid using these IP address schemes in your network to prevent accidental blocking by future GeoBlocking IP address list updates.
Block a country or continent
- Go to Network > Firewall > GeoBlocking.
- In the Countries/Regions section, you can:
- Select one or more continents to apply GeoBlocking across the whole continent.
Note
Antarctica, Asia and Europe contain ‘countries’ with those same names. Selecting these ‘countries’ does not block traffic.
- Select specific countries. Select the + icon next to the continent and select the countries to be blocked.
- Select a combination of continents and countries.
- Select one or more continents to apply GeoBlocking across the whole continent.
- Select Save changes.
Unblock a country or continent
- Clear the checkbox for the country or continent.
- Select Save changes.
Manage exceptions to the GeoBlock list
Exceptions allow traffic through for specific Source IP addresses, IP ranges or subnets.
Add an exception
- Go to Network > Firewall > GeoBlocking.
- Choose your Exception IPs:
- Enter an IP address and select Add.
- Select the down arrow, then select the IP addresses or Address object groups you have previously added.
- (Optional) Create an Address object group:
- Select Save selected objects as a group, enter a group name, then select Add.
- You can see the contents of a group, edit or delete a group from the Address object manager page.
- Select Save changes.
Remove an exception
- In the Selected objects box, select the X next to the exception to delete.
- Select Save changes.