Geolocation filtering includes a default Geolocation package, which provides the ability to block incoming and outgoing IPv4 requests according to countries or regions.
Note
Your Network Security virtual appliances must use version 2020.10.0 or later to successfully distribute Geolocation filters.
All countries within the Geolocation package are permitted by default. To configure a policy that restricts traffic to only your business's most essential regions, select from the list those countries or regions that you want to block. You cannot change this Block action. A notification of the event will also be sent to the syslog server you have configured (for example, Splunk).
Note
Region codes, such as EU and AP, are used only when a specific country code has not been designated. Blocking by EU or AP will affect only a small portion of IP addresses. For a more precise strategy, list the countries you want to block individually.
You do not have to extract or distribute this default package to your virtual appliances. Geolocation information is updated every week.

Configure Geolocation filtering using the GUI

Procedure

  1. From the navigation panel, click the Policy icon and select Geolocation Filtering.
  2. Click the Configure Geolocation Filtering button to create a geolocation policy, or the Configuration Settings cog to edit your existing filter.
  3. In the Configure Geolocation Filtering dialog, the Filter State's default setting is Enabled. If you want to preserve your Geolocation filter in an inactive state, set the toggle to Disabled.
  4. From the left panel of listed countries and regions, select the ones whose traffic you want to block, and click Add.
  5. Review the choices you have added to the right panel. The geolocation filter will block all traffic to and from these countries, and a notification will be sent to the syslog server you have configured. If you decide to remove any of the countries from the filter, select them and then click Remove.
  6. Click Save.
  7. To completely remove your Geolocation filter configuration, click the Delete icon.
  8. Redistribute the policy to your managed virtual appliances for all your configuration changes to take effect.

Configure Geolocation filtering using APIs

You can also use the following microservice REST APIs to collect Geolocation information:

Procedure

  1. To list the available Geolocation policies (currently the default policy only):
    <codeblock>
        GET /api/geopolicies
        </codeblock>
  2. To get a description of a Geolocation policy according to its ID (currently the default policy only):
    <codeblock>
        GET /api/geopolicies/{id}
        </codeblock>
  3. To review a list of all countries by their International Organization for Standardization (ISO) codes in the default Geolocation package:
    <codeblock>
        GET /api/geoentries/countries
        </codeblock>
    From this list, you can specify the countries whose traffic you want to block.  
    
  4. To update your Geo policy so that traffic to and from the countries you select is blocked, specify the ISO codes for those countries (from the list returned in the preceding step) in the `countryIsoCodes` field:
    <codeblock>
        PUT /api/geopolicies/{id}
        {
          "enabled": true,
          "rule": {
            "selector": {
              "countryIsoCodes": ["SELECTED_ISO_CODE_1", "SELECTED_ISO_CODE_2"],
              "includesAnonymousProxy": false
            }
          }
        }
        </codeblock>
    For example, to block traffic to and from Taiwan and Japan, enter the ISO codes of those countries in the `countryIsoCodes` field:
    
    <codeblock>
        PUT /api/geopolicies/{id}
        {
          "enabled": true,
          "rule": {
            "selector": {
              "countryIsoCodes": ["TW", "JP"],
              "includesAnonymousProxy": false
            }
          }
        }
        </codeblock>
    To block traffic to and from anonymous proxies, set `includesAnonymousProxy` to `true`.  
    
  5. To distribute a specific Geo policy according to its ID (currently the default policy only) to a specific virtual appliance:
    <codeblock>
        POST /api/geopolicies/{policyId}/appliances/{applianceId}/distribute
        </codeblock>
  6. To list all of your Geolocation distributions:
    <codeblock>
        GET /api/geodistributions
        </codeblock>
  7. To check the availability of Geo packages (currently the default package only):
    <codeblock>
        GET /api/geopackages
        </codeblock>
    To learn more about these REST APIs, refer to the API Reference.
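
The following added example (not part of the product documentation or its API client) prepares the `PUT /api/geopolicies/{id}` body from step 4 for review before you send and redistribute it: it rejects codes that are not in the list from step 3, flags the EU and AP region codes, and reports which countries the change adds or removes. The function name, the `POLICY_ID` placeholder and the sample code lists are assumptions, as is the premise that the PUT body replaces the whole selection.

```python
import json

# Region codes the page says cover only IPs with no specific country assigned.
REGION_CODES = {"EU", "AP"}


def build_geopolicy_update(policy_id, requested, available, current=(),
                           block_anonymous_proxy=False, enabled=True):
    """Return (path, body, report) for PUT /api/geopolicies/{id}.

    requested: ISO codes to block; available: codes taken from
    GET /api/geoentries/countries; current: codes blocked today.
    """
    wanted = sorted({c.strip().upper() for c in requested if c.strip()})
    known = {c.upper() for c in available}
    unknown = [c for c in wanted if c not in known]
    if unknown:
        # Refuse to send codes the Geolocation package does not list.
        raise ValueError(f"not in Geolocation package: {unknown}")
    before = {c.upper() for c in current}
    report = {
        "added": [c for c in wanted if c not in before],
        "removed": sorted(before - set(wanted)),
        "region_codes": [c for c in wanted if c in REGION_CODES],
    }
    body = {
        "enabled": enabled,
        "rule": {
            "selector": {
                "countryIsoCodes": wanted,
                "includesAnonymousProxy": block_anonymous_proxy,
            }
        },
    }
    return f"/api/geopolicies/{policy_id}", body, report


if __name__ == "__main__":
    # Constructed sample values, not real API output.
    available = ["TW", "JP", "US", "DE", "EU", "AP"]
    path, body, report = build_geopolicy_update(
        "POLICY_ID", ["tw", "JP", "eu"], available, current=["JP", "US"])
    print("PUT", path)
    print(json.dumps(body, indent=2))
    print(report)
```

A non-empty `region_codes` entry in the report means the selection relies on EU or AP, which the note above says affects only a small portion of IP addresses.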