waleedRight, what I mean is, I still want the geoblock in effect for everything else going to India. Removing outbound for an entire country for one vendor isn't really the solution I was looking for. Cato can just update their product to whitelist a domain for geo_restrictions and we'll just put an RFE in for that. Why would you change such a large IPS behavior (i.e. removing outbound geo_restriction for a country) just for a single vendor choosing to send some of your traffic to India?
Cato EmployeeDomain/App bypass in the IPS GeoBlock would be great, agreed. However, even with the existing tool set, you can still accomplish what you are intending using the Internet Firewall rules for outbound geo restriction to India. You can essentially accomplish the same geoblock via the Internet Firewall.
Your 2 new internet firewall rule will look like this:
Rule#1: If traffic is Microsoft domain or all predefined MS apps AND country is India : Action Allow
Rule#2: All other traffic to country India: Action Block
At the end of the day, both the Inet FW and IPS will accomplish the same outbound geo restriction task.
