Blocking Traffic from Countries using Geoblocking

This section describes the Geoblocking feature of Aviatrix CoPilot.

Geoblocking allows you to select a country and block IP traffic coming into and going out to that country. When Geoblocking is enabled for a country, a tag-based security policy is implemented on each gateway to deny traffic to and from IP addresses associated with that country. Every Aviatrix gateway in your VPCs/VNets enforces the block. When you unblock a country, the tag is removed from all gateways and the stateful firewall rules that were instantiated on them for that country are removed.

Geoblocking is a Feature Preview that is enabled or disabled from Settings > Configuration > License (under Feature Previews). If Geoblocking is disabled there, the feature is not available. Users with admin permissions can enable it.

When you enable Geoblocking on the License tab, you are informed that a tag-based security policy will be implemented on each gateway to deny traffic for IP addresses associated with each blocked country, and that all gateways in your VPCs/VNets will enforce it. When you disable Geoblocking, you are prompted that all existing IP blocks will be removed.

You access Geoblocking in CoPilot by going to Home > Security > ThreatIQ > Geoblocking or by typing Geoblocking in the navigation search.

Configuring Geoblocking

Configure Geoblocking to block IP traffic coming into and coming from a country.

Blocking a country can also block your own cloud-provider IPs: if the public IP of one of your services is registered by the cloud provider to a region in that country, traffic to and from that IP is denied as well. Before you block a country, check the IPs Observed column and the recent traffic for that country so that you do not cut off your own services or a cloud region you depend on.

By clicking on the country name, you can view recent IP traffic going to or coming from that selected country in the time range you specify.

To configure Geoblocking, you must log in to CoPilot with a user account that belongs to a group that has either all_write or all_security_write permissions.

To configure Geoblocking, use the following steps:

  1. In CoPilot, go to Security > ThreatIQ > Geoblocking or type Geoblocking in the navigation search.

    A list of the countries you can block and unblock displays. The IPs Observed column shows you the number of IP addresses CoPilot observed from each country when scanning Netflow records over the last seven days. If you click on a country name, you can view recent IP traffic going to or coming from that selected country in the time range you specify.

  2. In the Status column, toggle the switch to Blocked for each country whose IP traffic you want to block.

  3. Click Save.

    IP traffic coming into and coming from that country will be blocked on each Aviatrix gateway.

    Each time you toggle the switch for a country to block or unblock, you must click Save for your changes to take effect.
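The following Python example is added here to illustrate the behaviour described above; it is not Aviatrix code and does not use the CoPilot or Controller API. It emulates the per-gateway policy (one deny rule per country prefix, applied to traffic in both directions), reproduces the IPs Observed count from a few flow records, and runs the pre-flight check that the caveat above calls for: which of your own public IPs would be caught by the block. The country-to-prefix table, the country codes XA and XB, the flow records and the "own IP" list are all constructed sample data, not real geolocation data.

```python
import ipaddress

# Constructed country-to-prefix table for illustration only. Real geolocation
# data is far larger and changes over time; XA/XB are placeholder codes.
COUNTRY_PREFIXES = {
    "XA": ["203.0.113.0/24", "198.51.100.0/25"],
    "XB": ["192.0.2.0/24"],
}


def build_deny_rules(blocked_countries, table=COUNTRY_PREFIXES):
    """Emulate the tag-based policy pushed to each gateway: one deny entry per
    prefix of every blocked country. Returns a list of (country, network)."""
    rules = []
    for country in blocked_countries:
        for prefix in table[country]:
            rules.append((country, ipaddress.ip_network(prefix)))
    return rules


def flow_verdict(src, dst, rules):
    """Evaluate one flow against the deny rules. Both endpoints are checked,
    so traffic coming into and going out to a blocked country is denied.
    Returns ('deny', country) or ('allow', None)."""
    for ip in (ipaddress.ip_address(src), ipaddress.ip_address(dst)):
        for country, net in rules:
            if ip in net:
                return "deny", country
    return "allow", None


def self_block_check(own_public_ips, blocked_countries, table=COUNTRY_PREFIXES):
    """Pre-flight check before clicking Save: map each of our own public IPs
    that would be denied to the country whose block catches it."""
    rules = build_deny_rules(blocked_countries, table)
    hits = {}
    for ip_text in own_public_ips:
        ip = ipaddress.ip_address(ip_text)
        for country, net in rules:
            if ip in net:
                hits[ip_text] = country
                break
    return hits


def observed_ips_by_country(flow_records, table=COUNTRY_PREFIXES):
    """Mimic the IPs Observed column: count distinct IPs seen per country
    across (src, dst) flow records."""
    nets = [(c, ipaddress.ip_network(p)) for c, pfxs in table.items() for p in pfxs]
    seen = {}
    for src, dst in flow_records:
        for ip_text in (src, dst):
            ip = ipaddress.ip_address(ip_text)
            for country, net in nets:
                if ip in net:
                    seen.setdefault(country, set()).add(ip_text)
    return {country: len(ips) for country, ips in seen.items()}


if __name__ == "__main__":
    # Constructed flow records (src, dst) standing in for Netflow data.
    flows = [
        ("10.0.0.1", "203.0.113.9"),
        ("203.0.113.9", "10.0.0.2"),
        ("10.0.0.1", "192.0.2.4"),
        ("10.0.0.3", "198.51.100.1"),
    ]
    print("IPs observed:", observed_ips_by_country(flows))
    # Hypothetical list of our own service IPs; one of them sits in XA's range.
    print("Would self-block:", self_block_check(["203.0.113.50", "192.0.2.7"], ["XA"]))
    rules = build_deny_rules(["XA"])
    for src, dst in flows:
        print(src, "->", dst, flow_verdict(src, dst, rules))
```

The self_block_check result is the thing to look at before saving a block: if it is non-empty, one of your own service IPs is registered to the country you are about to block, and every gateway will drop that traffic in both directions.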