Block Internet Access to Geographic Locations
To prevent users from accessing web sites hosted in certain countries, you can specify a geolocation destination on an internet access rule. This option is available only when the rule action is Block and the rule includes no destinations other than geolocations. Secure Access logs all traffic that is blocked based on configured geolocation.
The location of a site is determined by its public IP address.
Blocked Internet Access
Traffic to a blocked destination may be allowed if a domain resolves to multiple IP addresses corresponding to different countries.
To block access by site location:
- Create an internet access rule.
- (Recommended) Position geolocation rules at the top of the rule list and place any exceptions above the general geolocation rules.
- Choose Block as the rule action.
- Choose Geolocations as the Destination.
- Select continents and countries as applicable.
- In the security controls section, choose a security profile in which decryption is enabled. You can also specify in this profile a notification page that will be displayed to end users who attempt to access destinations blocked by this rule.
Ensure Rule Matching for Encrypted Internet Traffic < Block Internet Access to Geographic Locations > Advanced Application Controls
Updated about 1 month ago