Knowledge Base

The LAN subnet has the same IP range of a certain Geo Region IP How do I block all traffic from that Geo Region IP without blocking internal LAN IPs?

Scenario

The administrator wants to block web GUI access from Venezuela so the following security policy is created.
However, GEO-IP blocks internal LAN IPs because the LAN subnet has the same IP range of a certain Geo Region IP. How to solve this issue if it is impossible to change the LAN IP address?

 

 

 

Step

Suppose you'd like to block web GUI access from Venezuela.
Create an address object by selecting "Venezuela".
 
Suppose the IP address of lan1 belongs to Venezuela.
 
 
In the security policy rule, you can assign a specific zone in “From” and “To” to limit the source/destination IP coming from/to a certain “zone”.
Create a security policy rule to block traffic from Venezuela to ZyWALL.
From: WAN, To: ZyWALL, Source: All Venezuela, action: deny

 

Verification

From one PC 190.168.1.2 in LAN1, it is still able to access the web GUI 190.168.1.1 successfully because the traffic if from zone “LAN1” but not “WAN”. 
Hence, it doesn’t hit the block_test rule.



YES NO

Please leave your comment:

SUBMIT

Question Profile

LANGUAGE:
ARTICLE ID:017947
TYPE:Application / Configuration Example
FIRMWARE:4.35
VIEWS:92
VOTES:0
TECHNOLOGY:
MODEL:ATP100,ATP200,ATP500 (view more model name)

Still have trouble with your device? Contact Zyxel technology support team directly!

Contact Zyxel Support