How to solve the issue that GEO-IP blocks internal LAN IP that belongs to a certain Geo Region IP?
Zyxel Employee
The administrator wants to block web GUI access from Venezuela so the following security policy is created. However, GEO-IP blocks internal LAN IPs because the LAN subnet has the same IP range of a certain Geo Region IP. How to solve this issue if it is impossible to change the LAN IP address?
Suppose you'd like to block web GUI access from Venezuela. Create an address object by selecting "Venezuela".
Suppose the IP address of lan1 belongs to Venezuela.
In the security policy rule, you can assign a specific zone in “From” and “To” to limit the source/destination IP coming from/to a certain “zone”.Create a security policy rule to block traffic from Venezuela to ZyWALL.From: WAN, To: ZyWALL, Source: All Venezuela, action: deny
From one PC 190.168.1.2 in LAN1, it is still able to access the web GUI 190.168.1.1 successfully because the traffic if from zone “LAN1” but not “WAN”. Hence, it doesn’t hit the block_test rule.
Categories
- All Categories
- 397 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 81 Nebula Status and Incidents
- 5.1K Security
- 89 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 918 WirelessLAN
- 35 WLAN Ideas
- 5.9K Consumer Product
- 211 Service & License
- 337 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2K FAQ
- 920 Nebula FAQ
- 422 Security FAQ
- 237 Switch FAQ
- 208 WirelessLAN FAQ
- 47 Consumer Product FAQ
- 139 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 62 Security Highlight