Athena NGFW (Next-Generation Firewall)

Athena NGFW (previously known as Network Secure) provides comprehensive protection for every network perimeter, ensuring the safety of your valuable assets, data, and users from emerging threats.

8.0.39

{{item.code}}

User Manual

Overview

Installation and Deployment

Installation Preparations

Deployment Mode

Home Page

Security Operations

Business Asset Security

User Security

Specialized Protection

Next-Gen Security

Network

Interfaces

DHCP

Advanced Networking

Monitor

Logs

Sessions

Statistics

Reports

Options

Policies

Network Address Translation

Access Control

Security Policy

Decryption

Bandwidth Management

Authentication

Custom Webpage

Object

Security Protection Rule Database

Content Signature Database

IP Location Database

Schedule

Trusted Certificate Authority

System

General Configuration

High Availability

Active-Standby Deployment

Central Management

Configuration Example for Access of NGAF to CM

O&M Management

Routine Inspection

Shortcut Functions

Restoration of the Device Configuration and Password

Patch Update Guidance

Use of Auxiliary Tools

Troubleshooting

Emergency Event Handling

Product Upgrade Guide

Acronym

Athena NGFW (Next-Generation Firewall)

User Manual

Policies

Access Control

GeoLocation Blocking

{{sendMatomoQuery("Athena NGFW (Next-Generation Firewall)","GeoLocation Blocking")}}

GeoLocation Blocking

{{ $t('productDocDetail.updateTime') }}: 2026-01-07

To allow or deny the access of traffic of IP addresses in specified countries or regions to the LAN area protected by the NGAF device. The administrator can perform the following operations.

Parameter	Note
Add	Adds a regional access control policy
Exclusion list	Adds IP addresses are not subject to regional access control.
Blocked IP Addresses	Displays the IP address record denied by the regional access control policy.
Location Lookup	Enters the IP address to query the corresponding location.
Update IP location database	Manually updates the ISP address library.

Table 14:Description of NAT Parameters

Configuration Steps

An enterprise provides a LAN server for internet users to access, but only specific to domestic services. To avoid malicious access by foreign IP addresses, you must set in NGAF to allow only users using IP addresses in mainland China to access the LAN server.

Step 1.Navigate to Policy > GeoLocation Blocking, and click Add. Then, the Add dialog box appears. See the figure below.

Step 2.Enter the policy name Only Allow China to Access in the Name field, select Enabled for the Status parameter, enter a custom description in the Description field, and select WAN for the WAN Zone parameter in the Source section. For more information about how to define the zone, see Section 5.2 Zone.

Step 3.Select a custom server as the network object. For more information about defining the network object, see Section 8.1 Network Object or click Add to add it.

Step 4.Select Allow access from specified countries/regions for the Action parameter and Asia-Pacific Region or China for the Country/Region parameter. See the figure below.

Step 5.Click Save. Then, the configuration is complete. In this case, only the IP address of mainland China can access the LAN server.

Step 6.If internet users use IP addresses other than mainland China to access the LAN server, the access fails. If internet users use IP addresses of mainland China to access the LAN server, the access succeeds.

{{ $t('index.defaultHeader.logo') }}

Athena NGFW (Next-Generation Firewall)

GeoLocation Blocking

Configuration Steps