An enterprise provides a LAN server for internet users to access, but only specific to domestic services. To avoid malicious access by foreign IP addresses, you must set in Network Secure to allow only users using IP addresses from specified country/region, for example mainland China, to access the LAN server.

Step 1.Navigate to Policies > Access Control > GeoLocation Blocking and click Add. Then, the Add dialog box appears. See the figure below.

Step 2.Enter the policy name Only Allow China to Access in the Name field, select Enable for the Status parameter, and enter a custom description in the Description field. Then, select WAN for the WAN Zone parameter in the Source section. For more information about how to define the zones, see Chapter 8.2 Zones.

Step 3.Select a network object as the Destination. For more information about defining the network object, see Chapter 7.1 Network Objects or click Add to add it.             

Step 4.Select Allow access from specified countries/regions for the Action parameter and Asia/MainlandChina for the Country/Region parameter. See the figure below.

Step 5.Click OK to save the settings. Then, the configuration is complete. In this case, only the IP addresses from mainland China can access the LAN server.

Step 6.Access to the LAN server fails if internet users use IP addresses outside of mainland China. Access to the LAN server is successful when internet users use IP addresses from mainland China.