[ATP/FLEX] How to block IP traffic by Geo IP on Nebula

Zyxel_James
Zyxel_James Posts: 610  Zyxel Employee
First Anniversary 10 Comments Friend Collector First Answer
edited June 2023 in Security Service

Nebula Control Center supports Geo IP that allows you to block internet traffic coming in from a specific region or country that is usually very suspicious/well-known to be the origin of malicious attacks. On the contrary, you can also only allow internet traffic coming in from your country.


Configure Steps

Go to ConfigureFirewall > Security policy, create a new rule

  • Input a name for the security rule
  • Select Deny as Action
  • Select the suspicious/malicious country as Source
  • Select Any as Destination.

After the Geo IP security rule is configured, requests from that country to your device or your internal networks will be blocked. You can enable the log button to monitor the denied actions.

 

To look up the Geo IP database version, please connect to ssh and input “show geo-ip database version"

To look up the country of the IP address, please connect to ssh and input “show geo-ip geography address x.x.x.x”



Tagged: