Hi,
Do you know how can I protect my Ipsec remote acces (XGV18 and XG V17.5) by Countries Ip restrictions?
Thanks for you to enlighten me.
This thread was automatically locked due to age.
Hi Samps,
Thank you for reaching out to the Community!
Create a black hole DNAT rule with required(blocked) source countries as "Original Source" and UDP 500/4500 in "Original Services."
Check out the following document for more information:
The same concept applies to firmware v17.5; for the local services, you'd need to create a black hole DNAT rule and forward the traffic from specific countries to a dummy internal host(a host that does not exist).
Thanks,
Hi Samps,
Apologies for the confusion. You would need to select the countries you want to block connection with the black hole DNAT rule. Unfortunately, it's not possible to apply a country blocking rule for local services. The workaround is to forward traffic from these countries to a non-existing host.
Thanks,