With our new geolocation capabilities, you can now use the Firewall application to block traffic coming to or from foreign countries. To block traffic coming from a certain country (or countries), we can use a simple Firewall rule.
- Go to the Apps view and then click the Firewall application.
- Click on the Rules tab and then the Add button to create a new rule.
- Give the new rule a description that helps you identify the rule in the future, then click Add Conditions to define the conditions under which the rule will trigger.
Blocking inbound traffic
To block traffic coming from a foreign country or countries, select the condition Client Country is, then click in the Value field and choose the country or countries you want to block from the pre-populated list. In this example we are blocking all traffic coming from China:
Blocking outbound traffic
To block outbound traffic from your local network going to certain countries, we follow the same steps as described above and change the rule condition to Server Country is as seen in this screenshot:
Allowing only traffic within a specified country
A single rule can block all traffic originating from or destined to countries outside of the location where the NG Firewall is deployed. For example, to block any non-United States traffic, we would create a rule with both of these conditions:
- Client Country is not US, XL
- Server Country is not US, XL
Important: allow local traffic
It's very important to include Local [XL] in the "allowed" list of countries. Failing to do so will result in internal traffic being blocked!