Can I use geo blocking for a specific NAT rule?

Question

I'm using a Sophos SG230 with the latest version of UTM 9. 
 
 I have a NAT rule routing https traffic hitting a specific external IP to of our servers. Currently it allows traffic from any IP address through since it could be accessed by users from their home PCs, phones etc. However I would like to lock it down as much as possible since the server is now being hit with a lot of attempted connections from known compromised IP addresses. 
 
 I don't really want to turn on geo blocking in the firewall settings since that blocks all traffic by default and there would be too many exceptions to set up. 
 
 Is there a way I can add to the NAT rule that it should only apply to UK addresses rather than using the "any" selector? 
 
 Thanks.

Vivek Jagad · Answer

Hi Simon Poke ,

Thank you for reaching out to the community, the best way to control is via country blocking. As for the firewall rules and NAT rules you can only all the following under the source or destination: There is no country group which you can select directly, and the tedious task would be create such a host group and then add it with action as drop/reject in order to achieve your requirernemnt.