Badger_89
Explorer II
December 17, 2024
Solved

Geo-blocking Plan


Hi,

I have the below requirement and am just looking for thoughts on the best way to do it. I need to do outbound blocking only for now.

The site has a /16 assigned to it, carved up into many small subnets. Most of the subnets will have the same banned countries; however, there are 3 subnets (scattered all around the /16) that require no restrictions.

What is the cleanest way to tackle this? A couple of options that came to mind are:

1. Create an address group for the /16, and use address exclude for the 3 subnets. Then in the rule, block access to the restricted countries. Never used this feature before but it seems appropriate here.

2. Do the internet rules for the 3 VLANs first, then block the countries for the rest, then do the normal rules for the rest.

Any other ideas?

Thanks

Best answer by Toshi_Esumi

4 replies

Toshi_Esumi
SuperUser
December 17, 2024

Definitely No. 2 is better, especially when you need to add more to the exceptions.

Toshi

dingjerry_FTNT
Staff
December 17, 2024

Hi @Badger_89,

Option #2 is much easier.

Theo4
Explorer
December 18, 2024

I would also go with number 2. Easier and clearer for others managing the same firewall.

Badger_89 (Author)
Explorer II
December 19, 2024

Thanks for the feedback, will go with option 2.
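
The two options from the question, modelled as an added example that is not part of the thread or of any vendor's configuration: it expands the "address exclude" of option 1 into plain CIDR blocks and checks that the ordered rules of option 2 reach the same verdicts. The /16, the three exempt subnets and the country codes are constructed placeholders, and top-down first-match evaluation with an implicit deny is an assumption about the firewall.

```python
import ipaddress

# Constructed placeholders: the thread gives no addresses or country names.
SITE = ipaddress.ip_network("10.20.0.0/16")
EXEMPT = [ipaddress.ip_network(n)
          for n in ("10.20.3.0/24", "10.20.77.0/25", "10.20.200.0/26")]
BANNED = {"XX", "YY"}

def restricted_ranges(site=SITE, exempt=EXEMPT):
    """Option 1: the /16 minus the exempt subnets, expanded to plain CIDRs."""
    remaining = [site]
    for ex in exempt:
        nxt = []
        for net in remaining:
            # address_exclude() splits net into the blocks that surround ex
            nxt.extend(net.address_exclude(ex) if ex.subnet_of(net) else [net])
        remaining = nxt
    return sorted(remaining)

def first_match(rules, src, country):
    """Assumed policy model: top-down, first match wins, implicit deny."""
    src = ipaddress.ip_address(src)
    for matches, action in rules:
        if matches(src, country):
            return action
    return "deny"

def option1(src, country):
    restricted = restricted_ranges()
    return first_match([
        (lambda s, c: any(s in n for n in restricted) and c in BANNED, "deny"),
        (lambda s, c: s in SITE, "allow"),              # normal internet rule
    ], src, country)

def option2(src, country):
    return first_match([
        (lambda s, c: any(s in n for n in EXEMPT), "allow"),  # 3 VLANs first
        (lambda s, c: s in SITE and c in BANNED, "deny"),     # geo-block rest
        (lambda s, c: s in SITE, "allow"),                    # normal rules
    ], src, country)

if __name__ == "__main__":
    print(len(restricted_ranges()), "CIDR blocks cover the restricted space")
    for src, cc in [("10.20.3.10", "XX"), ("10.20.5.10", "XX"),
                    ("10.20.77.200", "YY"), ("10.20.5.10", "ZZ")]:
        print(src, cc, option1(src, cc), option2(src, cc))
```

Both models give the same verdicts for these inputs; in option 2 the exception is carried by rule order, so the position of the exempt rule above the geo-block rule is the thing to verify after any policy change.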