Add Geolocation Actions in WatchGuard Cloud

Applies To: Cloud-managed Fireboxes

Geolocation is a security service that enables the Firebox to detect the geographic locations of connections to and from your network. For cloud-managed Fireboxes, you can enable and configure Geolocation to block access to and from specific locations.

Add a Geolocation Action

The default Geolocation action does not block any countries. You can configure multiple Geolocation actions and assign a specific action to each policy.

For the Geolocation service to apply to traffic through the Firebox, it must also be enabled in firewall policies. For information about policy settings, go to Configure Security Services in a Firewall Policy.

Caution: Before you configure Geolocation to block a country, make sure to evaluate the geographic location of sites that users, apps, and devices on your network must connect to. A site that is hosted in one country may include content that is hosted elsewhere. For more information, go to Geolocation Recommendations.

To add a Geolocation action:

  1. Select Configure > Devices.
  2. Select a cloud-managed Firebox.
    Status and settings for the selected Firebox appear.
  3. Select Device Configuration.
    The Device Configuration page opens and shows the WatchGuard Cloud Security Services.
  4. Click the Geolocation tile.
    The Geolocation page opens.
  5. Click Add Action.
    The Add Action page opens with all countries allowed by default for the action.
  6. In the Name text box, type a name for the action.
  7. To block a country with the map, click that country on the map. Click the country again to return it to allowed.
    Allowed countries appear gray; blocked countries appear red.
  8. To block a country from the countries list, select the check box next to that country in the list. Select the check box again to return the country to allowed.
    A green check mark indicates a country is allowed; a red X indicates a country is blocked.
  9. Click Save.

To delete an existing action, on the Geolocation page, click in the row for the action you want to delete.

Geolocation Recommendations

Before you configure Geolocation to block a country, make sure to evaluate the geographic location of sites that users, apps, and devices on your network must connect to. A site that is hosted in one country may include content that is hosted elsewhere. Content Delivery Networks (CDNs), such as Akamai, Amazon CloudFront, Cloudflare, and Microsoft Azure CDN, use networks of servers located in different geographic locations to deliver content more quickly to users.

For example, Microsoft uses regional data centers around the world. If your Firebox is configured with Geolocation, an Office 365 user in an unblocked country might be unable to access services that use one or more IP addresses that belong to a Microsoft regional data center in a blocked country. To enable your users to access these sites, you must configure Geolocation exceptions. For more information, go to Add Exceptions in WatchGuard Cloud.
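One way to run this evaluation before you save an action, as an added example that is not part of the WatchGuard documentation: the Python below reads outbound connections that have already been tagged with a country code and reports which destinations have addresses in the countries you plan to block. The CSV layout, column names, function names, and sample rows are assumptions constructed for illustration; they are not a WatchGuard export format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: outbound connections seen over a review period, each
# already tagged with a country code by a GeoIP lookup (assumed input format).
SAMPLE_LOG = """fqdn,dst_ip,country
mail.example.com,192.0.2.10,US
mail.example.com,198.51.100.20,AT
cdn.example.net,203.0.113.5,DE
cdn.example.net,203.0.113.77,AT
cdn.example.net,192.0.2.99,US
updates.example.org,198.51.100.44,US
"""

def geolocation_impact(log_text, blocked_countries):
    """Return {fqdn: {"blocked_ips": [...], "reachable_ips": [...]}} for every
    destination that has at least one IP address in a blocked country."""
    blocked = {c.upper() for c in blocked_countries}
    by_site = defaultdict(lambda: {"blocked_ips": set(), "reachable_ips": set()})
    for row in csv.DictReader(io.StringIO(log_text)):
        in_blocked = row["country"].strip().upper() in blocked
        key = "blocked_ips" if in_blocked else "reachable_ips"
        by_site[row["fqdn"].strip().lower()][key].add(row["dst_ip"].strip())
    # Keep only destinations the proposed action would affect.
    return {
        site: {k: sorted(v) for k, v in ips.items()}
        for site, ips in by_site.items()
        if ips["blocked_ips"]
    }

def classify(impact):
    """Split affected sites into fully blocked and partially blocked.
    Partially blocked is the CDN / regional data center case."""
    full = sorted(s for s, ips in impact.items() if not ips["reachable_ips"])
    partial = sorted(s for s, ips in impact.items() if ips["reachable_ips"])
    return full, partial

if __name__ == "__main__":
    impact = geolocation_impact(SAMPLE_LOG, ["AT"])
    full, partial = classify(impact)
    print("Fully blocked:", full)
    print("Partially blocked (some addresses in blocked countries):", partial)
    for site in full + partial:
        print(site, "-> exception candidates:", impact[site]["blocked_ips"])
```

Destinations in the partially blocked list are the ones to review for Geolocation exceptions before the action is assigned to a policy.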
