Creating Geo IP Policies
To access this page, click Configure>Shared Objects>Geo IP.
You can create Geo IP policies from the Geo IP policies page.
You must have a Sky ATP account to receive Geo IP feeds. Make sure you configure the necessary steps for Sky ATP before creating a Geo IP policy.
Geo IP filtering is a useful tool when you are experiencing certain types of attacks, such as DDOS from specific geographical locations.
If you are using Sky ATP without Policy Enforcer, you must select your Geo IP policy as the source and/or destination of a firewall rule to apply it.
To create a Geo IP policy:
- Select Configure>Shared Objects>Geo IP.
- Click the + icon.
- Complete the configuration by using the guidelines in Table 1 below.
- Click OK.
Table 1: Fields on the Geo IP Policy Page
Enter a unique string that must begin with an alphanumeric character and can include underscores; no spaces allowed; 63-character maximum.
Enter a description; maximum length is 1024 characters. You should make this description as useful as possible for all administrators.
Select the check box beside the countries in the Available list and click the > icon to move them to the Selected list. The countries in the Selected list will be included in the policy and action will be taken according to their threat level.
Choose what traffic to block from the selected countries. Incoming traffic, Outgoing traffic, or Incoming and Outgoing traffic. (Policy Enforcer only)
Choose to log all traffic or only blocked traffic. (Policy Enforcer only)
Once you have a Geo IP policy, you assign it to one more groups (Policy Enforcer only):
- In the Group column, click the Assign to Groups link that appears here when there are no groups assigned or click the group name that appears in this column to edit the existing list of assigned groups.
- In the Assign to Groups page, select the check box beside a group in the Available list and click the > icon to move it to the Selected list. The groups in the Selected list will be assigned to the policy.
- Click OK.
- Once one or more groups have been assigned, a Ready to Update link appears in the Status column. You must update to apply your new or edited policy configuration. Clicking the Ready to Update link takes you the Threat Policy Analysis page. See Threat Policy Analysis Overview. From there you can view your changes and choose to Update now, Update later, or Save them in draft form without updating.
- If you are using Sky ATP without Policy Enforcer, you must select your Geo IP policy as the source and/or destination of a firewall rule. Navigate to Configure > Firewall Policy > Policies.