Skip to content

Geo-Location-Based Access Control

Geo-Location-Based Access Control

It i possible to allow/deny access to individual resources based on the country their inbound IP is coming from.

Note:As with all IP-based lookup schemes, a user coming via VPN can appear in an alternate location.

Geo-location is done at the granularity of country. Countries are identified by their ISO-code (a 2-letter code unique per country).

Rules have priorities. Lower numbers evaluate first. Rules with the same priority evaluate in parallel, taking the most restrictive answer.

Actions include:

  • Allow
  • Deny
  • Log

An example configuration allowing (priority-0 evaluates first) traffic from Canada, US, and denies (priority-1, NOT Canada, US) the remainder is shown below.