Enable Geolocation in a Policy
When you enable the Geolocation subscription service, Geolocation is enabled automatically for all policies. In Fireware v12.3 or higher, when you enable the Geolocation service, all policies are configured to use the default Global Geolocation action automatically.
If you want more control over the types of connections the Firebox denies based on geographic location, you can enable or disable Geolocation for a specific policy in the policy settings. In Fireware v12.3 or higher, you can also change the Geolocation action used by a policy.
In Fireware v12.8 or higher, you can choose whether inbound traffic that Geolocation denies receives a deny page. When you disable the Geolocation deny page for a policy, inbound traffic does not receive a deny page that attackers could use to confirm the presence of a Firebox in your network. The deny page applies to HTTP and HTTPS traffic on ports 80 and 443.
The Geolocation subscription service must be enabled before you can enable or disable Geolocation for a policy.
For firewall policies that are configured to deny all traffic, enable Geolocation for the policy if you want to see in log messages whether the Firebox blocked the traffic based on the geographic location of the connection source or destination. For more information, go to Monitor Geolocation Activity.
To enable Geolocation for a policy, from Fireware Web UI:
- Select Firewall > Firewall Policies.
- Double-click a policy.
- Select the Geolocation tab.
- From the Geolocation Control Action drop-down list, select the Geolocation action to use for this policy.
- To not return the Geolocation deny page for inbound traffic, clear the Enable Deny Page check box (Fireware v12.8 and higher). The Enable Deny Page check box is selected by default.
- Click Save.
To enable Geolocation for a policy, from Policy Manager:
- In Policy Manager, double-click a policy.
The Policy Properties dialog box appears with the Policy tab selected.
- Select the Enable Geolocation check box.
- From the adjacent drop-down list, select the Geolocation action to use for this policy.
- To not return the Geolocation deny page for inbound traffic, clear the Enable Deny Page check box (Fireware v12.8 and higher). The Enable Deny Page check box is selected by default.
- Click OK.
To disable Geolocation for a policy, from Fireware Web UI:
- Select Firewall > Firewall Policies.
- Double-click a policy.
- Select the Geolocation tab.
- From the Geolocation Control Action drop-down list, select None.
- Click Save.
To disable Geolocation for a policy, from Policy Manager:
- In Policy Manager, double-click a policy.
The Policy Properties dialog box appears with the Policy tab selected.
- Clear the Enable Geolocation check box.
- Click OK.