Help Center User GuideGetting StartedFAQRelease Notes
User Guide
Getting Started
Release Notes

Creating Geo IP Policies

You can create Geo IP policies from the Geo IP policies page.

Before You Begin


To create a Geo IP policy:

  1. Select Configure>Shared Objects>Geo IP.
  2. Click the + icon.
  3. Complete the configuration by using the guidelines in Table 260 below.
  4. Click OK.

Table 308: Fields on the Geo IP Policy Page


Enter a unique string that must begin with an alphanumeric character and can include underscores; no spaces allowed; 63-character maximum.


Enter a description; maximum length is 1024 characters. You should make this description as useful as possible for all administrators.


Select the check box beside the countries in the Available list and click the > icon to move them to the Selected list. The countries in the Selected list will be included in the policy and action will be taken according to their threat level.

Block Traffic

Choose what traffic to block from the selected countries. Incoming traffic, Outgoing traffic, or Incoming and Outgoing traffic. (Policy Enforcer only)

Log Setting

Choose to log all traffic or only blocked traffic. (Policy Enforcer only)


Once you have a Geo IP policy, you assign it to one more groups (Policy Enforcer only):

To assign a Geo IP policy to a group or groups:

  1. In the Group column, click the Assign to Groups link that appears here when there are no groups assigned or click the group name that appears in this column to edit the existing list of assigned groups.
  2. In the Assign to Groups page, select the check box beside a group in the Available list and click the > icon to move it to the Selected list. The groups in the Selected list will be assigned to the policy.
  3. Click OK.
  4. Once one or more groups have been assigned, a Ready to Update link appears in the Status column. You must update to apply your new or edited policy configuration. Clicking the Ready to Update link takes you the Threat Policy Analysis page. See Threat Policy Analysis Overview. From there you can view your changes and choose to Update now, Update later, or Save them in draft form without updating.
  5. If you are using Sky ATP without Policy Enforcer, you must select your Geo IP policy as the source and/or destination of a firewall rule. Navigate to Configure > Firewall Policy > Policies.

Related Documentation

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      

Additional Comments

800 characters remaining

May we contact you if necessary?


Need product assistance? Contact Juniper Support