is it possible to block a traffic from particular country only by source in policy watchguard? for example:
Source: country name by geolocation-blocking
Yes with the Geolocation optional feature - have multiple Geo actions, with 1 containing the county to be blocked.
Apply that Geo action to the desired incoming policies.
in this case:
Geolocation: only IDN blocked, applied to packet filter incoming HTTP policy
dst: public ip -> private ip using SNAT
i got this log with geo_dst="IDN" blocked:
2022-08-31 03:01:57 WG-01 Deny 18.104.22.168 22.214.171.124 http/tcp 38158 80 V106-IFORTE2 Firebox blocked sites (geolocation destination) 40 242 (HTTP-dummy-00) proc_id="firewall" rc="101" msg_id="3000-0173" tcp_info="offset 5 S 3307405712 win 65535" geo_src="USA" geo_dst="IDN" geo="geo_dst" Traffic
how to configure to block only based on geo_src="IDN" meanwhile, geo_dst="IDN" is allow?
It appears that this is an outgoing HTTP packet, upon which you have applied a Geo action which blocks IDN.
Geo will block for both source AND dest on a packet.
There is no ability to change that.
You need to have multiple Geo actions and have the correct one on outgoing policies (doesn't block IND) and the correct one on incoming policies (does block IND).
Depending on where you live, you should note that many Microsoft Windows Updates are now originating in India. So you might want another policy to allow connections from Microsoft that is above a broader geoblocking policy.