How to use the Geo-IP feature?

Zyxel_Kay (Zyxel Employee)

Background

In today's increasingly interconnected world, ensuring network security is paramount. One effective method is to block internet traffic from specific geographic locations known for high levels of malicious activity. Zyxel’s Geo-IP feature, introduced in firmware version 4.20, allows administrators to restrict traffic from selected countries, enhancing network security. Initially part of the Content Filter feature, Geo-IP became a free feature starting from firmware version 5.02 for ATP/USG FLEX devices and 4.65 for USG/ZyWall110/310/1100 devices.

Scenario

Imagine you are managing a network and want to block traffic from a specific country known for cybersecurity threats. For this example, let's say you want to block traffic from North Korea. By using the Geo-IP feature, you can easily create rules to prevent any traffic from that country from reaching your internal networks or the ZyWall itself.

Steps

  1. Log in to Your Zyxel Device:
    • Access your device by entering its IP address in a web browser.
    • Log in using your admin credentials.
  2. Create a Geo-IP Object:
    • Navigate to Configuration > Object > Address/Geo IP.
    • Click “Add” to create a new Geo-IP object.
    • Name your object (e.g., "Block North Korea").
    • Set the Address Type to “GEOGRAPHY,” choose the country (e.g., North Korea), and click “OK”.
  3. Update the Geo-IP Database (Optional but Recommended):
    • Go to the “Geo IP” tab within the Address/Geo IP configuration.
    • Update the Geo-IP database and set an automatic update schedule.
    • You can also test specific IP addresses to see which country they belong to.
  4. Set Up a Firewall Rule:
    • Navigate to Configuration > Security Policy > Policy Control.
    • Click “Add” to create a new firewall rule.
    • Set “From” to “any” and “To” to “any (Excluding ZyWALL)”.
    • Select the Geo-IP object you created (e.g., "Block North Korea") as the Source.
    • Set the Action to “Deny” and click “OK”.
  5. Activate and Monitor the Rule:
    • Ensure the firewall rule is active.
    • To monitor blocked traffic, enable logging for this rule and check the logs under Monitor > Log.

Note: The rule from step 4 excludes the ZyWALL as a destination. To block access to the ZyWALL itself, create another firewall rule with the destination set to “ZyWALL.” Keep in mind that sophisticated attacks using proxy servers may bypass Geo-IP restrictions, so this feature is an additional, but not foolproof, layer of security.
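The effect of the step 4 rule and the extra rule from the note can be checked with a small model. This is an added example, not Zyxel code: the Geo-IP table, the zone name LAN1, the "Allow services" rule, the default deny and the first-match evaluation order are simplifying assumptions made for illustration.

```python
import ipaddress

# Constructed Geo-IP table built on RFC 5737 documentation ranges.
# These are NOT real country allocations; the device uses its own database.
GEO_DB = {"203.0.113.0/24": "KP", "198.51.100.0/24": "DE"}

def country_of(ip):
    """Return the country code for ip, or None when the table has no entry."""
    addr = ipaddress.ip_address(ip)
    for cidr, code in GEO_DB.items():
        if addr in ipaddress.ip_network(cidr):
            return code
    return None

def zone_matches(rule_to, dst):
    """Match a rule's 'To' field against the packet's destination zone."""
    if rule_to == "any":
        return True
    if rule_to == "any (Excluding ZyWALL)":
        return dst != "ZyWALL"
    return rule_to == dst

def evaluate(rules, src_ip, dst):
    """First matching rule wins; unmatched traffic falls to a default deny."""
    code = country_of(src_ip)
    for name, src_country, rule_to, action in rules:
        # src_country None means "any source"; otherwise it must equal the lookup.
        if src_country in (None, code) and zone_matches(rule_to, dst):
            return action, name
    return "deny", "default"

# Hypothetical pre-existing rule that permits inbound services (assumption).
ALLOW = ("Allow services", None, "any", "allow")
# Rule set after step 4 only, and after adding the rule described in the note.
STEP4_ONLY = [("Block North Korea", "KP", "any (Excluding ZyWALL)", "deny"), ALLOW]
WITH_NOTE = [STEP4_ONLY[0],
             ("Block North Korea to ZyWALL", "KP", "ZyWALL", "deny"), ALLOW]

if __name__ == "__main__":
    for label, rules in (("step 4 only", STEP4_ONLY), ("with note rule", WITH_NOTE)):
        for dst in ("LAN1", "ZyWALL"):
            print(label, dst, evaluate(rules, "203.0.113.7", dst))
```

With only the step 4 rule, the constructed KP source is denied towards LAN1 but still reaches the ZyWALL through the lower allow rule; the second deny rule closes that gap. A source that appears in the table under another country, as proxied traffic would, is evaluated under that country.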

More Information

For a detailed video guide on using the Geo-IP feature, check out this

Kay
