One of the subscription services available on a WatchGuard firewall is Geolocation.  This is included in both Basic Security Suite and Total Security Suite.  Geolocation allows you to block IP addresses based on their country of origin.  While not foolproof, this is a great service to help prevent access to countries your organization does not do business with.

One of the initial benefits of Geolocation is that it is enabled by default on all policies.  While the default “Global” profile is not set to block any countries, it does allow for automatic logging.  You can choose to update this default profile, or build your own.

How to Configure Geolocation

• Subscription Services > Geolocation

• If you would like to use the default Global profile, click it and select Edit. If you would like to create a new profile, click Add.

• You can use either the Map tab or the Country List tab to select the countries you would like to block access to and from

NOTE: Please remember that selecting a country means it is blocked.  Make sure to not click your country of operation.

Once you have selected all of your desired countries to block, click OK

• If you are using the Global action, it is already applied to all policies so no action is needed aside from saving your policy.

• If you opted to create a new profile, select the Policies tab. Specify which policies you would like to apply the new profile to.