Forum Discussion
Ren_Alcala
Cirrus
CirrusDoes anyone know how to setup my network firewall that will reject all clients base on their country/Region?
Can anyone help me to configure my AFM, what i want is to reject/drop all client that want to access my VS, i already tried configuration but it still not working on my end, btw i'm using VPN to chan...
Hi Renato,
One of the things you can test is to confirm that the F5 actually sees this address as being from Singapore.
You can do this by going to the CLI and typing "geoip_lookup 51.79.156.16"
When I run it, it does say it's an IP from Singapore, but would be good to have it confirmed.
For more information on the GeoIP database and how to update it, check here: https://support.f5.com/csp/article/K15042
Besides that, you can use the Packet Tester (Security ›› Debug : Packet Tester) to check which policy exactly takes what action for this connection as there may be another policy involved in the connection.
Hope this helps.
AlexBCT
Cumulonimbus
CumulonimbusHi Renato,
One of the things you can test is to confirm that the F5 actually sees this address as being from Singapore.
You can do this by going to the CLI and typing "geoip_lookup 51.79.156.16"
When I run it, it does say it's an IP from Singapore, but would be good to have it confirmed.
For more information on the GeoIP database and how to update it, check here: https://support.f5.com/csp/article/K15042
Besides that, you can use the Packet Tester (Security ›› Debug : Packet Tester) to check which policy exactly takes what action for this connection as there may be another policy involved in the connection.
Hope this helps.
- Ren_Alcala
Hi Alex,
Thanks for the reply bro will try to do that :). Your right i need to install IP geolocation on my bigip for me to use country as a source.
Regards,
Renato