USG60 Wishing to block an IP Range - How to?

Hiya, I woiuld like to block a range of external IP's from attemping to access the server within the network.

I have tried to add the range to the Object - Geo-ip section but the IP rage is still getting through.

Any help appreciated! :)

All Replies

  • PeterUK
    PeterUK Posts: 914  Guru Member
    edited April 17

    Content Filter needs to be activated for Geo-ip to work.

    On the Address click add

    name = name

    address type = GEOGRAPHY

    region = select one

    Then go to security policy > policy control add

    name = name

    from = WAN

    To = LAN1?

    Source = your above Geo-ip object

    action = deny

  • Blobby123
    Blobby123 Posts: 3
    Thank for that.
    I believe we subscribe to content filter?
    In fact to:


    Gateway Anti-Virus_Bitdefender Signature

    Content Filter


    SecuReporter Premium
    Could it not be activated?
  • PeterUK
    PeterUK Posts: 914  Guru Member

    In Licensing > Registration > service tab does it say "Activated" for Content Filter 2.0?

    Have you updated the Country Database in Geo IP

  • Blobby123
    Blobby123 Posts: 3
    Hi, Yes, all 5 are actviated.The country database is up to date and set to autoupdate.
    It was the IP range I set in the section 'Custom IPv4 to Geography Rules' that did not seem to work.

  • Zyxel_Can
    Zyxel_Can Posts: 239  Zyxel Employee
    Hi @Blobby123,

    Did you try to create Address range object and assign it to a Security Policy rule?

    1- Create address range object (Configuration > Object > Address/Geo IP)

    2- Assign it to a Security Policy rule (Configuration > Security Policy > Policy Control)

    Also, please make sure Policy Control is enabled (Configuration > Security Policy > Policy Control)

Sign In to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click on this button!