[Nebula] Is it possible to allow GeoIP for VPN connection?

Zyxel_Stanley
Zyxel_Stanley Posts: 1,379  Zyxel Employee
100 Answers 1000 Comments Friend Collector Seventh Anniversary
edited May 13 in VPN

Question:
How can I configure my VPN to only allow traffic from specific countries?

Answer:
You can set up a Policy Control rule to allow IKE/ESP traffic from specific countries. Here’s how you can do it:

  1. Navigate to Site-wide > Configure > Firewall > Security Policy.
  2. Create the necessary rules for the specific country:

#1: VPN_Allow
Source: Taiwan, Destination: Device, Service port: UDP 500/4500, Action: Allow.

#2: VPN_Block
Source: Any, Destination: Device, Service port: UDP 500/4500, Action: Deny.

This configuration allows traffic from Taiwan and blocks VPN traffic from all other countries.

Tagged: