Does anyone know how to setup my network firewall that will reject all clients base on their country/Region?

Ren_Alcala · ‎19-May-2021

Can anyone help me to configure my AFM, what i want is to reject/drop all client that want to access my VS, i already tried configuration but it still not working on my end, btw i'm using VPN to change my IP base on the country/region. Please see the configuration on my screen shots. Thank you in advance guys!

Regards,

Renato

AlexBCT · ‎20-May-2021

Hi Renato,

One of the things you can test is to confirm that the F5 actually sees this address as being from Singapore.

You can do this by going to the CLI and typing "geoip_lookup 51.79.156.16"

When I run it, it does say it's an IP from Singapore, but would be good to have it confirmed.

For more information on the GeoIP database and how to update it, check here: https://support.f5.com/csp/article/K15042

Besides that, you can use the Packet Tester (Security ›› Debug : Packet Tester) to check which policy exactly takes what action for this connection as there may be another policy involved in the connection.

Hope this helps.

View solution in original post

Ren_Alcala · ‎19-May-2021

up

AlexBCT · ‎20-May-2021