USG60 Wishing to block an IP Range - How to?

Hiya, I woiuld like to block a range of external IP's from attemping to access the server within the network.

I have tried to add the range to the Object - Geo-ip section but the IP rage is still getting through.

Any help appreciated! :)

All Replies

  • PeterUK
    PeterUK Posts: 2,651  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited April 2021

    Content Filter needs to be activated for Geo-ip to work.

    On the Address click add

    name = name

    address type = GEOGRAPHY

    region = select one


    Then go to security policy > policy control add

    name = name

    from = WAN

    To = LAN1?

    Source = your above Geo-ip object

    action = deny



  • Thank for that.
    I believe we subscribe to content filter?
    In fact to:

    Anti-Spam

    Gateway Anti-Virus_Bitdefender Signature

    Content Filter

    IDP

    SecuReporter Premium
    Could it not be activated?
  • PeterUK
    PeterUK Posts: 2,651  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer

    In Licensing > Registration > service tab does it say "Activated" for Content Filter 2.0?

    Have you updated the Country Database in Geo IP



  • Hi, Yes, all 5 are actviated.The country database is up to date and set to autoupdate.
    It was the IP range I set in the section 'Custom IPv4 to Geography Rules' that did not seem to work.

  • Zyxel_Can
    Zyxel_Can Posts: 342  Zyxel Employee
    Friend Collector First Answer First Comment
    Hi @Blobby123,

    Did you try to create Address range object and assign it to a Security Policy rule?

    1- Create address range object (Configuration > Object > Address/Geo IP)


    2- Assign it to a Security Policy rule (Configuration > Security Policy > Policy Control)


    Also, please make sure Policy Control is enabled (Configuration > Security Policy > Policy Control)

Security Highlight