USG60 Wishing to block an IP Range - How to?

Blobby123

Hiya, I woiuld like to block a range of external IP's from attemping to access the server within the network.

I have tried to add the range to the Object - Geo-ip section but the IP rage is still getting through.

Any help appreciated!

PeterUK

Content Filter needs to be activated for Geo-ip to work.

On the Address click add

name = name

address type = GEOGRAPHY

region = select one

Then go to security policy > policy control add

name = name

from = WAN

To = LAN1?

Source = your above Geo-ip object

action = deny

Blobby123

Thank for that.

I believe we subscribe to content filter?

In fact to:

	Anti-Spam
	Gateway Anti-Virus_Bitdefender Signature
	Content Filter
	IDP
	SecuReporter Premium

Could it not be activated?

PeterUK

In Licensing > Registration > service tab does it say "Activated" for Content Filter 2.0?

Have you updated the Country Database in Geo IP

Blobby123

Hi, Yes, all 5 are actviated.The country database is up to date and set to autoupdate.

It was the IP range I set in the section 'Custom IPv4 to Geography Rules' that did not seem to work.

Zyxel_Can

Hi @Blobby123,

Did you try to create Address range object and assign it to a Security Policy rule?

1- Create address range object (Configuration > Object > Address/Geo IP)


2- Assign it to a Security Policy rule (Configuration > Security Policy > Policy Control)


Also, please make sure Policy Control is enabled (Configuration > Security Policy > Policy Control)