Configure Geolocation Exceptions

To identify the geographic location of connections through the Firebox, the Geolocation subscription service uses a database of IP addresses and countries. If there are sites that might be included in the Geolocation database that you want to make sure are never blocked, you can add Geolocation exceptions to your Firebox. Geolocation never blocks connections to or from sites on the exceptions list.

The Geolocation exceptions list is shared by all Geolocation actions. Any changes that you make to the exceptions list when you edit a Geolocation action apply to all Geolocation actions on your Firebox.

When you add a site to any one of the Botnet Detection Exceptions, Geolocation Exceptions, or Blocked Sites Exceptions lists, the site is not blocked by any of these services or Default Packet Handling.

For example, if you add www.example.com to the Geolocation Exceptions list, then Botnet Detection, Blocked Sites, and Default Packet Handling also do not block the site. If you already added a site to one exception list, you might see an error if you try to add the site to an exception list for another service.

After you configure Geolocation exceptions, you can export the exception list and import it to a different Firebox.

Add Geolocation Exceptions

You can add an exception for an IPv4 or IPv6 host IP address, network address, host range, or FQDN.

  1. Select Subscription Services > Geolocation.
    The Geolocation page appears.
  2. Add or edit a Geolocation action (Fireware 12.3 or higher).
  3. Select the Exceptions tab.

Screen shot of Geolocation exceptions list in Fireware Web UI.

  1. Click Add.
    The Add Sites dialog box appears.

Screen shot of Add Sites dialog box in Fireware Web UI.

  1. From the Choose Type drop-down list, select the method to identify the exception.
  2. In the text box, type the IP address, network IP address, host range, host name, or FQDN.
    If the exception is for a host range, type the start and end IP addresses for the range of IP addresses in the exception.
    For FQDN, you can type a specific domain name (for example, example.com), or use a wildcard to include the domain and all subdomains (for example, *.example.com).
  3. (Optional) In the Description text box, type a description of the exception.
  4. Click OK.
  5. Click Save.
  1. Select Subscription Services > Geolocation.
    The Geolocation dialog box appears.
  2. Add or edit a Geolocation action (Fireware 12.3 or higher).
  3. Select the Exceptions tab.

Screen shot of Geolocation exceptions list in Policy Manager.

  1. Click Add.
    The Add Address dialog box appears.

Screen shot of Add Address dialog box in Policy Manager.

  1. From the Choose Type drop-down list, select the method to identify the exception.
  2. In the text box, type the IP address, network IP address, host range, host name, or FQDN.
    If the exception is for a host range, type the start and end IP addresses for the range of IP addresses in the exception.
    For FQDN, you can type a specific domain name (for example, example.com), or use a wildcard to include the domain and all subdomains (for example, *.example.com).
  3. (Optional) In the Description text box, type a description of the exception.
  4. Click OK.
  5. Click OK.

Remove Geolocation Exceptions

You can remove Geolocation exceptions that you no longer need.

  1. Select Subscription Services > Geolocation.
    The Geolocation page appears.
  2. Add or edit a Geolocation action (Fireware 12.3 or higher).
  3. Select the Exceptions tab.
    The Geolocation Exceptions list appears.
  4. Select the check box next to each exception to remove.
  5. Click Remove.
  6. Click Save.
  1. Select Subscription Services > Geolocation.
    The Geolocation dialog box appears.
  2. Add or edit a Geolocation action (Fireware 12.3 or higher).
  3. Select the Exceptions tab.
    The Geolocation Exceptions list appears.
  4. Hold down the Ctrl key and click each exception to remove.
  5. Click Remove.
  6. Click OK.

Import and Export Geolocation Exceptions

You can export the Geolocation exceptions list from one Firebox and import it to a different Firebox. This makes it easy to add the same Geolocation exceptions to all the Fireboxes you manage.

When you import exceptions, you must specify whether to clear the existing exceptions first. If you choose not to clear the list, the imported exceptions are added to the existing exceptions.

  1. Select Subscription Services > Geolocation.
    The Geolocation page appears.
  2. Add or edit a Geolocation action (Fireware 12.3 or higher).
  3. Select the Exceptions tab.
  4. Click Export.
    The Geolocation exception list is saved in the geoblocked_exceptions.txt file.
  1. Select Subscription Services > Geolocation.
    The Geolocation dialog box appears.
  2. Add or edit a Geolocation action (Fireware 12.3 or higher).
  3. Select the Exceptions tab.
  4. Click Export.
  5. Specify the file name and the location where you want to save the file. 
    The Geolocation exceptions are saved as a text file in the location you specified.
  1. Select Subscription Services > Geolocation.
    The Geolocation page appears.
  2. Add or edit a Geolocation action (Fireware 12.3 or higher).
  3. Select the Exceptions tab.
  4. Click Import.
    A confirmation message appears.
  5. Click Yes to remove the current exceptions, or No to keep the current exceptions.
  6. Select the file to import.
  7. Click Import.
    The exceptions from the file are added to the Geolocation Exceptions list.
  8. Click Save.
  1. Select Subscription Services > Geolocation.
    The Geolocation dialog box appears.
  2. Add or edit a Geolocation action (Fireware 12.3 or higher).
  3. Select the Exceptions tab.
  4. Click Import.
  5. Select the file to import.
    A confirmation message appears.
  6. Click Yes to remove the current exceptions, or No to keep the current exceptions.
    The exceptions from the file are added to the Geolocation Exceptions list.
  7. Click OK.

Related Topics

About Geolocation