Maybe I just can't find this in the UI, but it would be great to be able to globally block traffic to certain countries/regions or conversely to allow traffic only to certain countries/regions. I think you can do it device by device via the dashboard, but I don't see a way to do it for the whole network.
Your other suggestion is interesting, but I'd prioritize it lower.
The good news: Today you can already block sites by domain ending. For instance, just add „.cn“ for (all domains ending in .cn) in a pattern blocking list (https enabled device required).
I personally like the ip-location blocking idea. But this would require a database lookup (the geo location) of every requested IP. This will surely result in some latency.🤔
THX for your great thoughts!
@dcampbel Just to be clear:
Do you mean that if an IP address is contacted that is located in a certain country, the request should be blocked? (ie. block all IP addresses from china)
Or rather if a domain with a certain country code is requested? (ie. block all domains ending in .cn)
Today there is no such feature but it‘s an interesting thought. 🤔
THX!
I meant the first one "if an IP address is contacted that is located in a certain country, the request should be blocked". I consider that more thorough. (Your other suggestion is interesting, but I'd prioritize it lower.)
It would be interesting to have the "allow list" equivalent as well. So instead of "blocking" all the countries you consider risky, you could "allow" only certain countries and block all others.