Whitelisted IPs

CLOODY
CLOODY Posts: 7  Freshman Member
First Comment Fourth Anniversary
edited September 26 in Security

Good morning I wanted to ask how to authorize an ip to my website protected by ATP200.
My security Plicy is configured to allow only Italian addresses. I need to authorize some IPs from other countries, I added them in the allow List of the Reputation Filter/IP Reputation of the Security Service section
Is it correct or do I have to do something else
Thank you

All Replies

  • jonatan
    jonatan Posts: 170  Master Member
    5 Answers First Comment Friend Collector Sixth Anniversary
    edited September 26

    @CLOODY

    Use Geo-IP, add the necessary IP addresses indicating the country of origin, and the gateway will let them through.

    There should also be an appropriate policy for switching from a global network to a local one for the necessary service.

    In the object type GEOGRAPHY , region Italy. and in the policies in the source, select it for long-term access from all italy addresses

  • Zyxel_Melen
    Zyxel_Melen Posts: 2,175  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @CLOODY

    Configuring these IP addresses in the allowed list of the IP Reputation cannot fulfill your requirement. Please reference the steps that @jonatan provided.

    Zyxel Melen

    Don't miss this great chance to upgrade your Nebula org. for free! 


  • CLOODY
    CLOODY Posts: 7  Freshman Member
    First Comment Fourth Anniversary

    Ok Provo quanto descritto da @Jonatan

  • zyman2008
    zyman2008 Posts: 216  Master Member
    25 Answers First Comment Friend Collector Seventh Anniversary

    I think it not a good approach to add the IP address into Geo/Country in this case.

    From the security operation point of view.

    To add another security policy with address group object is the right way to fit that.

    (1) It's more visible the full rules on the same security policy page.

    (2) You can identify firewall logging by different rule number.

    (3) You can easy to enable/disable rules for troubleshooting.

    (4) It don't cause misuse the Geo Country object if the Country object using on the other policy.

  • CLOODY
    CLOODY Posts: 7  Freshman Member
    First Comment Fourth Anniversary

    Sorry I didn't understand well. Two criteria, one that allows only IPs from Italy and another that authorizes some IPs even if not Italian, can both coexist and do they both rule?

  • jonatan
    jonatan Posts: 170  Master Member
    5 Answers First Comment Friend Collector Sixth Anniversary

    @CLOODY

    If the request is for the same service, then the rules will mutually exclude each other. The one above the list will work.

Security Highlight