Geo-IP

The Settings page in POLICY | Rules and Policies > Settings > GEO-IP | Settings provides a group of settings that can be configured for Geo-IP Filtering. Several of the settings have (information) icons next to them that give screen tips about that setting. Geo-IP assists in matching the traffic to a particular policy.

Security Policies can be configured with Geo-IP set to a particular country(s) and have them blocked to achieve this behavior.

 

• Custom List

• Using Geo-IP Diagnostics

Policy-based Settings

To enable Policy-based settings

1. When Block connections when Geo IP database is not downloaded and rules need Geo locationis enabled, all connections are dropped when the Geo-IP map database is not downloaded and your policies still need country details.
2. When Bypass decryption when Geo IP database is not downloaded and policies need Geo location is enabled, all connections bypass decryption when the Geo-IP map database is not downloaded and your policies still need country details.

Global Settings

To enable Global settings

1. Enable Custom List - This option is disabled by default. Custom lists are sometimes used to correct a false country assignment for an IP address. When the checkbox is selected, Override Firewall Countries by Custom List is made available.

2. Override Firewall Countries by Custom List - This selection is only available when Enable Custom List is enabled. It allows your custom list to override the firewall list where there are differences. Unless you select this Override, the firewall list takes precedence, even when you have enabled a custom list.

3. Click Accept to save your settings.