USG40 Geo IP Not Working

enpingado
enpingado Posts: 3  Freshman Member
Third Anniversary
My USG-40 does not appear to be blocking based on Geo IP.

I have FW 4.65(AA 1), Geo IP date is 8-17-21.

I created an object for Russia, using the geography setting.
Then I made a policy as the 1st rule: Deny, From Any, To Any, Source: russia, Log.
And I don't see anything in the log blocking traffic.
But I see the Default Rule denying Russia-labeled IPs in the log.

Why is my rule not blocking it?
Do I need to reboot after making new rules?

Best Answers

  • gb5102
    gb5102 Posts: 25  Freshman Member
    First Comment Friend Collector Third Anniversary
    edited August 2021 Answer ✓
    Add a 2nd rule below the first one you created:
    From: Any
    To: ZyWALL
    Source: russia
    Action: Deny/log

    Reboot is not required for new rules to take effect.

  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited August 2021 Answer ✓

    You need both.

    From any to ZyWALL only blocks to the USG like remote login (if you have a rule to allow that) and VPN.

    From any to any (except ZyWall) blocks like a NAT rule to a server for WAN to LAN and LAN to WAN.
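    To make the two-rule point concrete, here is an added example (not code from the Zyxel thread or from Zyxel) modelling how a USG-style policy table is walked top to bottom. It assumes, as PeterUK describes, that "Any" in the To field excludes the ZyWALL zone, so traffic aimed at the firewall itself only matches a rule that names ZyWALL explicitly. The zone names, the GeoIP prefixes and the sample packets are all constructed placeholders.

```python
# Added example, not from the forum thread or from Zyxel's own code.
# Models first-match policy evaluation to show why a single
# "From Any, To Any, Source: russia" rule misses traffic to the firewall
# itself and why a second rule with To: ZyWALL is needed.
# Assumptions: zone names, the GeoIP table and the sample packets are invented.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ZYWALL = "ZyWALL"  # the firewall's own zone (management, VPN termination)

# Constructed GeoIP table: country object name -> prefixes. A real table comes
# from the firewall's GeoIP database; TEST-NET-3 is used here as a placeholder.
GEOIP = {"russia": [ip_network("203.0.113.0/24")]}


@dataclass
class Rule:
    name: str
    frm: str      # "Any" or a zone name
    to: str       # "Any" (modelled as excluding ZyWALL) or a zone name
    source: str   # "Any" or a GeoIP object name
    action: str   # "allow" or "deny"
    log: bool = True


def matches_zone(rule_zone: str, packet_zone: str, is_to: bool) -> bool:
    # Assumption taken from the thread: "Any" in the To field means any zone
    # except ZyWALL; the firewall itself must be named explicitly.
    if rule_zone == "Any":
        return not (is_to and packet_zone == ZYWALL)
    return rule_zone == packet_zone


def matches_source(rule_source: str, src_ip: str) -> bool:
    if rule_source == "Any":
        return True
    ip = ip_address(src_ip)
    return any(ip in net for net in GEOIP.get(rule_source, []))


def evaluate(rules, src_ip, from_zone, to_zone, default_action="deny"):
    """Return (rule name, action) of the first matching rule, else the default rule."""
    for r in rules:
        if (matches_zone(r.frm, from_zone, False)
                and matches_zone(r.to, to_zone, True)
                and matches_source(r.source, src_ip)):
            return (r.name, r.action)
    return ("Default_Rule", default_action)


# The poster's original single rule.
ONE_RULE = [Rule("block_ru_any", "Any", "Any", "russia", "deny")]
# gb5102's fix: a second rule below it with To: ZyWALL.
TWO_RULES = ONE_RULE + [Rule("block_ru_zywall", "Any", ZYWALL, "russia", "deny")]


def demo():
    # Constructed samples: a scan of the firewall's public IP versus a
    # connection to a NAT'd server in the DMZ, both from a "russia" address.
    to_firewall = ("203.0.113.7", "WAN", ZYWALL)
    to_server = ("203.0.113.7", "WAN", "DMZ")
    return {
        "one_rule_to_firewall": evaluate(ONE_RULE, *to_firewall),
        "one_rule_to_server": evaluate(ONE_RULE, *to_server),
        "two_rules_to_firewall": evaluate(TWO_RULES, *to_firewall),
        "two_rules_to_server": evaluate(TWO_RULES, *to_server),
    }


if __name__ == "__main__":
    for name, (rule, action) in demo().items():
        print(f"{name}: hit {rule} -> {action}")
```

    With only the first rule, the scan of the firewall falls through to Default_Rule, which is exactly the symptom in the original post (the deny shows up in the log, but under the default rule rather than the GeoIP rule). Adding the To: ZyWALL rule makes the GeoIP rule take the hit and log under its own name.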


All Replies

  • enpingado
    enpingado Posts: 3  Freshman Member
    Third Anniversary
    Great, that worked perfectly. So are two rules necessary or just one?

    I see some suspect IP scanning different ports on my public static IP.
    Do I only need to block using rules with To=ZyWALL, or both ZyWALL and the other rule for Any (except ZyWall)?

  • enpingado
    enpingado Posts: 3  Freshman Member
    Third Anniversary
    Great, thanks!
