Does ADP take into consideration the GeoIP and the rules with blocked ranges?

Zyxel_USG_User

Does ADP take into consideration the blocking rules entered in the GeoIP? I have for example blocked specific countries, and still there are often ADP hits from these blocked countries.

I am aware tha the GeoIP database for any country or continent may not include the latest status for public IP ranges, but nevertheless - I get ADP hits from all the blocked countries.

Can somebody answer my question above?

Many thanks in advance

Zyxel_Judy

Hi @Zyxel_USG_User ,

Based on your description, we assume you've implemented GeoIP blocking rules in your firewall security policy. However, it's important to understand the processing order:

• ADP (Anomaly Detection & Prevention) rules take priority over firewall security rules. The firewall first checks incoming packets against ADP rules.
• If a packet is not blocked by ADP, the firewall then checks it against security policies.

Key point: ADP does not consider the blocking rules set in GeoIP. This means that even if you have GeoIP rules in firewall security policy, ADP will process packets independently of these rules.

Zyxel_USG_User

Thanks for the very clear statement,very helpful to understand how the FW works.

Zyxel_Judy

Hi @Zyxel_USG_User ,

Based on your description, we assume you've implemented GeoIP blocking rules in your firewall security policy. However, it's important to understand the processing order:

• ADP (Anomaly Detection & Prevention) rules take priority over firewall security rules. The firewall first checks incoming packets against ADP rules.
• If a packet is not blocked by ADP, the firewall then checks it against security policies.

Key point: ADP does not consider the blocking rules set in GeoIP. This means that even if you have GeoIP rules in firewall security policy, ADP will process packets independently of these rules.

Zyxel_USG_User

Thanks for the very clear statement,very helpful to understand how the FW works.