Geolocation is a subscription service that enables the Firebox to detect the geographic locations of connections to and from your network and to block connections to or from the geographic locations you specify. To use Geolocation, the Firebox must have a feature key that enables the RED subscription service.
When Geolocation is enabled for a policy, the Firebox looks up the geographic location of an external source or destination IP address in a database. You configure Geolocation actions to block connections to or from specified countries and then apply those actions to policies. You can also add exceptions for sites that you do not want to block, and configure update server settings. For more information about these settings, see:
If the Firebox cannot determine the geographic location of an IP address, it allows the connection.
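The lookup and its fail-open result can be modeled in a few lines. This is an added example, not WatchGuard or Fireware code: the prefix table, the placeholder country codes, the function names, and the assumption that exceptions are checked before the country lookup are all hypothetical.

```python
import ipaddress

# Constructed sample data (documentation address ranges, placeholder country
# codes). This is not a real geolocation database or Firebox configuration.
GEO_DB = {
    "203.0.113.0/24": "AA",
    "198.51.100.0/24": "BB",
    "198.51.100.128/25": "CC",
}
BLOCKED = {"AA", "CC"}            # countries selected in the hypothetical action
EXCEPTIONS = ["203.0.113.10/32"]  # sites that must stay reachable


def lookup_country(ip, db=GEO_DB):
    """Return the country of the most specific matching prefix, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, country in db.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, country)
    return best[1] if best else None


def decide(ip, blocked=BLOCKED, exceptions=EXCEPTIONS, db=GEO_DB):
    """Return (verdict, reason) for one external address."""
    addr = ipaddress.ip_address(ip)
    # Assumption: an exception wins over any country match.
    if any(addr in ipaddress.ip_network(e) for e in exceptions):
        return ("allow", "exception")
    country = lookup_country(ip, db)
    if country is None:
        # Fail-open: no location found, so the connection is allowed.
        return ("allow", "unknown-location")
    if country in blocked:
        return ("deny", country)
    return ("allow", country)


def unknown_location_allows(ips):
    """List addresses allowed only because the lookup returned nothing."""
    return [ip for ip in ips if decide(ip) == ("allow", "unknown-location")]


if __name__ == "__main__":
    for ip in ["203.0.113.5", "203.0.113.10", "198.51.100.200", "192.0.2.44"]:
        print(ip, *decide(ip))
```

The `unknown_location_allows` helper isolates the connections that passed only because no location was found, which is the set a country block list does not cover.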
In Fireware 12.4 and higher, when a user on your network tries to get access to a website in a blocked country, a Deny message appears. The message includes the reason the connection was denied and the name of the blocked country. If the message shows the blocked country as Unidentified, the IP address is in a blocked country, but the Firebox temporarily cannot display the country name.
You can see statistics about connections blocked by Geolocation in the Subscription Services system status page in Fireware Web UI, and in the Subscription Services tab of Firebox System Manager. For more information, see Geolocation Statistics.
To see details about connections blocked based on geographic location, you can filter the log messages the Firebox generates. For more information, see Monitor Geolocation Activity.
In Fireware Web UI, the Geolocation Dashboard shows information about the current connections allowed to each geographic location. For more information, see Geolocation Dashboard.
There are no reports that show connections blocked by the Geolocation subscription service.