ukhan20
Jan 15, 2025

Geo-fencing for block and allow one country

How to do geo-fencing in F5 Advanced Firewall Manager (AFM) to allow access from only one country, such as the USA, and block all other countries?

5 Replies

  • VGF5

    Hello Khan, 

    Please follow the steps below to configure geo-fencing in F5 AFM to allow access only from the USA and block all other countries:

    1. Log in to the F5 Configuration Utility.
    2. Navigate to Security > Network Firewall > Policy List.
    3. Create a New Firewall Policy.
    4. Define Rules for the Policy:
      • Create an Accept rule for Source: Geolocation and select United States.
      • Create a Reject/Drop rule for Source: Geolocation and select Not in United States.
    5. Save and Apply the Policy to the relevant virtual servers.
  • VGF5

    Please follow the steps outlined in the article below.
    https://clouddocs.f5.com/training/community/firewall/html/class1/module1/lab4.html#create-the-geo-restrict-firewall-rule-list-and-firewall-policy

  • I am facing a problem with how to block all and allow only one country.

  • JesseR

    It is not AFM, but one workaround is to make an iRule that would drop all outside connections. Something like:

    when HTTP_REQUEST {
       # Look up the client's country code and drop the connection unless it is "US"
       if { [whereis [IP::client_addr] country] != "US" } {
          drop
       }
    }

    This would drop all non-United States based IPs.
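
A variant of the iRule above that also handles clients with no geolocation entry, as an added example that is not part of JesseR's post or F5's documentation. The internal address ranges, the log messages and the choice to drop unknown origins are assumptions to adapt to your environment.

```tcl
# Added example (not from the thread). Assumptions: the only allowed country
# is "US", and the ranges below stand in for your own internal networks.
when CLIENT_ACCEPTED {
    set client [IP::client_addr]

    # Internal and monitoring sources have no geolocation entry, so decide
    # on them before the country lookup instead of dropping them by accident.
    if { [IP::addr $client equals 10.0.0.0/8] ||
         [IP::addr $client equals 172.16.0.0/12] ||
         [IP::addr $client equals 192.168.0.0/16] } {
        return
    }

    # whereis returns the two-letter country code, or an empty string
    # when the address is not in the geolocation database.
    set country [whereis $client country]

    if { $country eq "" } {
        # Unknown origin: fail closed, but log it so gaps in the
        # geolocation database are visible.
        log local0.warning "geo-fence: no country for $client, dropping"
        drop
        return
    }

    if { $country ne "US" } {
        log local0.info "geo-fence: dropping $client from $country"
        drop
        return
    }
}
```

Evaluating at CLIENT_ACCEPTED makes the decision when the connection is accepted, before any HTTP request is parsed, so the same rule also works on non-HTTP virtual servers.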