Do You GeoIP Filter?

Question

Do you GeoIP filter? If so, how do you handle Microsoft adresses?

We do GeoIP filtering, basically allowing traffic to US and a few other countries IPs, while denying everything else. Recently this has started to become a significant problem, specifically due to addresses in Microsoft datacenters.

It seems that either these sites are being bounced to data centers around the globe, or Fortinet's GeoIP database is miscategorizing addresses as being in countries that they are not.

We're having valid traffic suddenly blocked because the Microsoft IP was supposedly in an obscure-to-us country. How are you handling this?

ede_pfau · Answer

I build local-in policies based on geo-IP groups, to protect the IPsec VPNs.

For regular policies, I often use the ISDB address object, esp. with MS. Insanely large amount of IPs, but still better than 'ALL'.

I usually do not filter outgoing traffic by country, how would I know in advance which countries to block (except for the usual suspects)?

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded