This tutorial guides you through the GeoIP function, which is available from v4.20 onwards.
After completing these steps, you can block access to your USG or network from specific countries:
- Log in to the unit by entering its IP address and the credentials for an admin account (by default, the username is “admin”, the password is “1234”)
- Navigate to Configuration > Object > Address/Geo IP and click “Add”
- Type in a descriptive name for the object, choose “GEOGRAPHY” as the Address Type, choose the needed Country and click “OK”
- On the “Geo IP” tab at the top, you can update the Geo IP database, configure an automatic update schedule for the database, create your IPv4 to Geography rules and test different IPs to see which country they belong to
- Navigate to Configuration > Security Policy > Policy Control and click “Add”
- Choose “From: any”, “To: any (Excluding ZyWall)”, the Geo IP country object for the Source and click “OK”
- Choose “Action: Deny”
After this firewall rule is set to active, requests from that country to your internal networks will be blocked. You can enable logging for that rule and view the entries under Monitor > Log.
Please note: To also block access from that country to your ZyWall itself, create a second firewall rule similar to the first one, with the Destination set to “ZyWall”.
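The note above is easy to miss, so here is a small Python model of the two rules, added as an illustration and not taken from the device or its firmware. The GeoIP table, the country codes "AA"/"BB", the zone name "LAN1", the pre-existing "allow-service" rule and the first-match evaluation order are all assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed GeoIP table (documentation ranges, placeholder country codes).
GEO_DB = {
    ipaddress.ip_network("203.0.113.0/24"): "AA",   # the country being blocked
    ipaddress.ip_network("198.51.100.0/24"): "BB",  # a country left alone
}

def country_of(ip: str) -> Optional[str]:
    """Return the country code for ip, or None if it is not in the table."""
    addr = ipaddress.ip_address(ip)
    return next((cc for net, cc in GEO_DB.items() if addr in net), None)

@dataclass
class Rule:
    name: str
    src_country: Optional[str]  # None means "any" source
    to: str                     # "any_excl_zywall", "ZyWall" or "any"
    action: str                 # "deny" or "allow"

def to_matches(rule_to: str, dst: str) -> bool:
    if rule_to == "any_excl_zywall":  # through traffic only, not the device itself
        return dst != "ZyWall"
    return rule_to in ("any", dst)

def evaluate(rules, src_ip: str, dst: str):
    """First matching rule wins; unmatched traffic is denied in this model."""
    cc = country_of(src_ip)
    for r in rules:
        if r.src_country in (None, cc) and to_matches(r.to, dst):
            return r.action, r.name
    return "deny", "default"

# Rule from the steps above, the second rule from the note, and an assumed
# pre-existing allow rule (for example a service reachable from outside).
GEO_LAN = Rule("geo-deny-through", "AA", "any_excl_zywall", "deny")
GEO_DEVICE = Rule("geo-deny-zywall", "AA", "ZyWall", "deny")
ALLOW = Rule("allow-service", None, "any", "allow")

FIRST_ONLY = [GEO_LAN, ALLOW]
BOTH = [GEO_LAN, GEO_DEVICE, ALLOW]

if __name__ == "__main__":
    for label, rules in (("first rule only", FIRST_ONLY), ("both rules", BOTH)):
        for src, dst in (("203.0.113.7", "LAN1"), ("203.0.113.7", "ZyWall"),
                         ("198.51.100.9", "ZyWall")):
            print(label, src, "->", dst, evaluate(rules, src, dst))
```

With only the first rule, traffic from the blocked country to the device itself falls through to whatever allow rule follows; the second rule closes that gap.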