I see that ASG can already resolve IPs to the parent country in the Network Security dashboard. It would be really nice if blocking by country was an option in the packet filter.
FWIW, there are ways to do this manually... You need to find all the IP blocks, and then create definitions and groups for them.
Barry
Barry,
Yeah, I was going to say in that post that I know it is technically doable manually. But have you seen the table of IP ranges you have to block? I don't know if the ASG could even hold that many rules, but if it could, it would still be hours of work and a pain to maintain. A check box for each country would be really nice.
geo location of ips is not foolproof. I am starting to see folks who are blocking in this fashion and wind up blocking entire ranges because one range used to be african but it got moved to japan and vice versa. This is going to become more of an issue with ipv6.
geo location of ips is not foolproof. I am starting to see folks who are blocking in this fashion and wind up blocking entire ranges because one range used to be african but it got moved to japan and vice versa. This is going to become more of an issue with ipv6.
