How do I configure Geolocation to block only by source in a WatchGuard policy?

Is it possible to block traffic from a particular country only by source in a WatchGuard policy? For example:
Source: country name by geolocation-blocking
Destination: any

Answers

  • Yes, with the Geolocation optional feature - have multiple Geo actions, with 1 containing the country to be blocked.
    Apply that Geo action to the desired incoming policies.

    About Geolocation
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/services/geo/geo_about_c.html

  • Hi Bruce_Briggs

    In this case:
    Geolocation: only IDN blocked, applied to packet filter incoming HTTP policy
    src: any
    dst: public ip -> private ip using SNAT

    I got this log with geo_dst="IDN" blocked:
    2022-08-31 03:01:57 WG-01 Deny 9.11.49.88 13.16.39.10 http/tcp 38158 80 V106-IFORTE2 Firebox blocked sites (geolocation destination) 40 242 (HTTP-dummy-00) proc_id="firewall" rc="101" msg_id="3000-0173" tcp_info="offset 5 S 3307405712 win 65535" geo_src="USA" geo_dst="IDN" geo="geo_dst" Traffic

    How do I configure it to block only based on geo_src="IDN" while geo_dst="IDN" is allowed?

  • edited August 30

    It appears that this is an outgoing HTTP packet, upon which you have applied a Geo action which blocks IDN.

    Geo will block for both source AND dest on a packet.
    There is no ability to change that.
    You need to have multiple Geo actions and have the correct one on outgoing policies (doesn't block IND) and the correct one on incoming policies (does block IND).

  • Depending on where you live, you should note that many Microsoft Windows Updates are now originating in India. So you might want another policy to allow connections from Microsoft that is above a broader geoblocking policy.
