Geo-blocking Plan
Hi
I have the below requirement and am just looking for thoughts on the best way to do it. I need to do outbound blocking only for now.
The site has a /16 assigned to it, carved up into many small subnets. Most of the subnets will have the same banned countries; however, there are 3 subnets (scattered all around the /16) that require no restrictions.
What is the cleanest way to tackle this? A couple of options that came to mind are:
1. Create an address group for the /16, and use address exclude for the 3 subnets. Then in the rule block access to the restricted countries. Never used this feature before but it seems appropriate here.
2. Do the internet rules for the 3 VLANs first, then block the countries for the rest, then do the normal rules for the rest.
Any other ideas?
Thanks
Labels: FortiGate
Definitely No. 2 is better, especially when you need to add more to the exceptions.
Toshi
I would also go with number 2. Easier and clearer for others managing the same firewall.
Thanks for the feedback, will go with option 2.
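
Option 2 from the thread, sketched as FortiOS CLI. This is an added example, not configuration posted by any participant; the 10.50.0.0/16 range, the three exempt subnets, the object and policy names, the interface names "internal"/"wan1" and the country code "XX" are constructed placeholders.

```fortios
# All addresses, names, interfaces and the country code are constructed placeholders.
config firewall address
    edit "Site-16"
        set subnet 10.50.0.0 255.255.0.0
    next
    edit "Exempt-A"
        set subnet 10.50.12.0 255.255.255.0
    next
    edit "Exempt-B"
        set subnet 10.50.97.0 255.255.255.0
    next
    edit "Exempt-C"
        set subnet 10.50.201.0 255.255.255.0
    next
    edit "Geo-XX"
        set type geography
        set country "XX"
    next
end
config firewall addrgrp
    edit "Exempt-VLANs"
        set member "Exempt-A" "Exempt-B" "Exempt-C"
    next
end
# Policies are matched top-down and the first match wins, so order matters.
config firewall policy
    edit 0
        set name "Exempt-VLANs-Out"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "Exempt-VLANs"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    edit 0
        set name "Geo-Block-Out"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "Site-16"
        set dstaddr "Geo-XX"
        set action deny
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
```

Both policies have to sit above the site's normal outbound rules in the policy sequence, otherwise an earlier accept rule matches first and the geo deny never applies. A future exception only needs a new address object added to "Exempt-VLANs".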
