Table of contents

Geolocation filtering

Geolocation filtering includes a default Geolocation package, which provides the ability to block incoming and outgoing IPv4 requests according to countries or regions.


NOTE

Your Network Security virtual appliances must use version 2020.10.0 or later to successfully distribute Geolocation filters.


All countries within the Geolocation package are permitted by default. To configure a policy that restricts traffic to only your business's most essential regions, select from the list those countries or regions that you want to block. You cannot change this Block action. A notification of the event will also be sent to the syslog server you have configured (for example, Splunk).


NOTE

Region codes, such as EU and AP, are used only when a specific country code has not been designated. Blocking by EU or AP will affect only a small portion of IP addresses. For a more precise strategy, list the countries you want to block individually.


You do not have to extract or distribute this default package to your virtual appliances. Geolocation information is updated every week.

Configure Geolocation filtering using the GUI

  1. From the navigation panel, click the Policy icon policies icon and select Geolocation Filtering.
  2. Click the Configure Geolocation Filtering button to create a geolocation policy, or the Configuration Settings cog settings cog to edit your existing filter.
  3. In the Configure Geolocation Filtering dialog, the Filter State's default setting is Enabled. If you want to preserve your Geolocation filter in an inactive state, set the toggle to Disabled.
  4. From the left panel of listed countries and regions, select the ones whose traffic you want to block, and click Add.
  5. Review the choices you have added to the right panel. The geolocation filter will block all traffic to and from these countries, and a notification will be sent to the syslog server you have configured. If you decide to remove any of the countries from the filter, select them and then click Remove.
  6. Click Save.
  7. To completely remove your Geolocation filter configuration, click the Delete icon delete icon .
  8. Redistribute the policy to your managed virtual appliances for all your configuration changes to take effect. Learn more.

Configure Geolocation filtering using APIs

You can also use the following microservice REST APIs to collect Geolocation information:

  1. To list the available Geolocation policies (currently the default policy only):

    GET /api/geopolicies
    

  2. To get a description of a Geolocation policy according to its ID (currently the default policy only):

    GET /api/geopolicies/{id}
    

  3. To review a list of all countries by their International Organization for Standardization (ISO) codes in the default Geolocation package:

    GET /api/geoentries/countries
    

    From this list, you can specify the countries whose traffic you want to block.

  4. To update your Geo policy so that traffic to and from countries you select are blocked, specify the ISO code for those countries (from the list returned in the preceding step) in the countryIsoCodes field:

    PUT /api/geopolicies/{id}
    {
      "enabled": true,
      "rule": {
        "selector": {
          "countryIsoCodes": ["SELECTED_ISO_CODE_1", "SELECTED_ISO_CODE_2"],
          "includesAnonymousProxy": false
        }
      }
    }
    

    For example, if you wanted to block traffic to and from Taiwan and Japan, you would enter the ISO codes of the country in the countryIsoCodes field:

    PUT /api/geopolicies/{id}
    {
      "enabled": true,
      "rule": {
        "selector": {
          "countryIsoCodes": ["TW", "JP"],
          "includesAnonymousProxy": false
        }
      }
    }
    

    To block traffic coming from and to anonymous proxies, set includesAnonymousProxy to true.

  5. To distribute a specific Geo policy according to its ID (currently the default policy only) to a specific virtual appliance:

    POST /api/geopolicies/{policyId}/appliances/{applianceId}/distribute
    

  6. To list all of your Geolocation distributions:

    GET /api/geodistributions
    

  7. To check the availability of Geo packages (currently the default package only):

    GET /api/geopackages
    

To learn more about these REST APIs, refer to the API Reference.