IPS Whitelist GEO_RESTRICTION using domain name

Question

Is there going to be an option in the future to whitelist geoblock IPS using a domain name? Currently only IP addresses affect geo_restriction, so, whitelisting all Microsoft servers in India is a bit like playing whack-a-mole. You can add a domain, but it throws an error (see screenshot below).

michaelsaw · Answer

Hi ilya,This is an interesting point.Would you share the reason to whitlelist the domain from geoblock IPS?Are you whitelisting the access of the domain (microsoft[dot]com) for certain/selected countries?Thank you and Happy Holidays.

ilya · Answer

The reason is because the alternative would be to create subnet lists for every CIDR block that Microsoft has because they don't separate their CIDR blocks by country. The IP Ranges would just keep growing with every CIDR block discovered (see my screenshot list of IP Ranges below). Is there a better way to do this since geoblock requires specific IP addresses/IP address ranges?&nbsp;

michaelsaw · Answer

Hi ilya,&nbsp;I see.Do you mean you want to only allow/whitelist Microsoft IP address from India?&nbsp;And block/blacklist Microsoft traffic to/from other countries/regions, such as US, Europe, Asia?Thank you

ilya · Answer

No, I mean Cato has no way to whitelist domains for geo_restriction blocks and there doesn't seem to be an easy way to allow that for companies with large global infrastructures like Microsoft.

michaelsaw · Answer

Hi ilya,&nbsp;This sounds to be a little complicated to be discussed on the Community Forum.Would you be able to reach out to you assigned Cato Representative for further detailed discussion?Thank you.

Forum Discussion

IPS Whitelist GEO_RESTRICTION using domain name

Recent Discussions