Use this option when you want traffic from all countries/geo-locations to be allowed through FortiDDoS (this traffic is first analyzed according to the SPP settings; it is not implicitly allowed), but you want to blacklist some countries (for example, only Russia; its traffic will not be analyzed and will be implicitly blocked).
Traffic from blocked countries is not analyzed or checked against FortiDDoS thresholds; it is automatically dropped. Traffic from all other countries is processed by FortiDDoS.
This will block traffic from all countries (it is implicitly blocked without analysis) except the ones that you specifically allow (this traffic is first analyzed according to the SPP settings; it is not implicitly allowed). Say that in your environment you want to allow traffic only from your home country (for example, a university that wants its students to connect only from within the country) and block everything else; then you would use this feature.

Frequently asked questions
Countries that are allowed will be analyzed by FortiDDoS. All other countries will be implicitly blocked.
Yes. If you want to white-list some countries, you have to use option (b) Deny all and allow some, which means that traffic from all other countries that are not white-listed will be blocked. Note that white-listing a country does not mean that its traffic is implicitly allowed; it is still analyzed first by FortiDDoS.
No. It applies only to incoming traffic, which can come from anywhere in the world. This option would not be meaningful for outgoing traffic.
This sounds good in theory, but there is one very important thing you have to think about: "IP spoofing". Imagine that a potential attacker realizes that you have your country white-listed and that FortiDDoS would then not analyze this traffic. In this case the attacker could very easily spoof its source IP address, using one from your country, and kill your servers very fast.
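The two geolocation modes and the spoofing point above, as a small decision model. This is an added example, not FortiDDoS code or configuration: the prefix-to-country table is constructed from documentation address ranges, the names (Mode, Verdict, geo_verdict, triage) are hypothetical, and treating an address with no country mapping as "not listed" is an assumption.

```python
import ipaddress
from collections import Counter
from enum import Enum

class Mode(Enum):
    ALLOW_ALL_DENY_SOME = "allow all, deny listed countries"
    DENY_ALL_ALLOW_SOME = "deny all, allow listed countries"

class Verdict(Enum):
    DROP = "dropped without analysis"
    ANALYZE = "handed to SPP threshold analysis"  # never an implicit allow

# Constructed table (RFC 5737 documentation ranges); a real device
# uses a full geolocation database.
GEO_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "RU"),
    (ipaddress.ip_network("198.51.100.0/24"), "DE"),
    (ipaddress.ip_network("198.51.100.128/25"), "FR"),
    (ipaddress.ip_network("203.0.113.0/24"), "US"),
]

def country_of(src_ip):
    """Longest-prefix match on the source address; None if unmapped."""
    addr = ipaddress.ip_address(src_ip)
    matches = [(net.prefixlen, cc) for net, cc in GEO_TABLE if addr in net]
    return max(matches)[1] if matches else None

def geo_verdict(src_ip, mode, listed):
    """Geolocation decision for one incoming packet: DROP or ANALYZE."""
    in_list = country_of(src_ip) in listed
    if mode is Mode.ALLOW_ALL_DENY_SOME:
        return Verdict.DROP if in_list else Verdict.ANALYZE
    return Verdict.ANALYZE if in_list else Verdict.DROP

def triage(src_ips, mode, listed):
    """Count verdicts for a batch of incoming source addresses."""
    return Counter(geo_verdict(ip, mode, listed) for ip in src_ips)

if __name__ == "__main__":
    # Constructed flood: every packet claims a source in the allowed
    # country. The source field cannot be trusted, so all of them still
    # go through threshold analysis instead of being passed outright.
    flood = ["203.0.113.%d" % i for i in range(1, 201)]
    print(triage(flood, Mode.DENY_ALL_ALLOW_SOME, {"US"}))
    print(geo_verdict("192.0.2.5", Mode.ALLOW_ALL_DENY_SOME, {"RU"}))
```

Neither mode has an "allow without analysis" outcome, which is why a forged source address from a white-listed country gains nothing beyond reaching the normal threshold checks.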