Pros/cons in blocking GEO locations from inbound - other use of GEO fencing?

Options
tesagig
tesagig Posts: 60 image  Ally Member
First Comment Friend Collector Fourth Anniversary
in Security
What is the advantage to further protect though incoming traffic from GEO locations?
Should I also block outbound?

All Replies

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 988 image  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments
    Hi @tesagig
    If you have a public service and can only connect from your or specify country ,you can use the function to limit. 
    It is not recommended to apply to outbound traffic otherwise there will be many sites unavailable
    All sceniaro have different settings ,  all depend on your needs. 
    We can provide the settings advice if you could me the sceniaro.
    Thank you
    Kevin


  • tesagig
    tesagig Posts: 60 image  Ally Member
    First Comment Friend Collector Fourth Anniversary
    thanks. I don't have any service that need to connect to  USG, other than when I travel; e.g. for security video. Maybe VPN soon.

    So, my thinking was to lock down problem countries that I don't travel to. e.g. Most of Asia, Russia, ....

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 988 image  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments
    Hi @tesagig
    Please reffer the following settings to block traffic to Asia. 
    1) Create the GEO objects.

    2) Create the rule on top , src:internal dst:GEO_ASIA act:Deny.


    Then traffic from LAN to Asia will be blocked. 
    Thank you
    Kevin

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)