used here for the purpose of illustration.
Command-Line Interface
A. Create the GeolocationFilter object:
gw-world:/> add GeolocationFilter hackerland_filter
B. Next, create the IP Policy object that uses this filter:
gw-world:/> add IPPolicy SourceInterface=any
Web Interface
A. Create the GeolocationFilter object:
1.
Go to: Policies > Firewalling > Geolocation Filter > Add > Geolocation Filter
2.
Now enter:
•
Name: hackerland_filter
•
Add the country Hackerland to the Selected list
•
Enable Match unclassified networks
3.
Click OK
B. Next, create the IP Policy object that uses this filter:
1.
Go to: Policies > Firewalling > Add > IP Policy
2.
Now enter:
•
Name: drop_hackerland
•
Action: Deny
•
Denied Behavior: Drop
•
Source Interface: any
•
Source Network: all-nets
•
Source Geolocation: hackerland_filter
•
Destination Interface: any
•
Destination Network: all-nets
•
Destination Geolocation: Anywhere
Countries=Hackerland
MatchUnknown=true
SourceNetwork=all-nets
DestinationInterface=any
DestinationNetwork=all-nets
Service=all_services
Name=lan_to_dmz
Action=Deny
Drop=Yes
SourceGeoFilter=hackerland_filter
250
Chapter 3: Fundamentals