Block Internet Access to Geographic Locations
To prevent users from accessing web sites hosted in the countries you choose, you can specify a geolocation destination.
This option is available only when the rule action is Block and the rule includes no destinations other than geolocations.
The location of a site is determined by its public IP address.
Traffic to a blocked destination may be allowed if a domain resolves to multiple IP addresses corresponding to different countries.
All traffic blocked based on configured geolocation is logged.
To block access by site location:
- Create an internet access rule.
- (Recommended) Position geolocation rules at the top of the rule list and place any exceptions above the general geolocation rules.
- Choose Block as the rule action.
- Choose Geolocations as the Destination.
- Select continents and countries as applicable.
- In the security controls section, choose a security profile in which decryption is enabled. You can also specify in this profile a notification page that will be displayed to end users who attempt to access destinations blocked by this rule.
Ensure Rule Matching for Encrypted Internet Traffic < Block Internet Access to Geographic Locations > Advanced Application Controls
Updated about 2 months ago