I’m frequently asked to block users from accessing certain countries and it can help prevent exploits if your users have no business connecting to some of these countries.  This is called Geo Blocking and it’s pretty easy to setup.

Setup address object for the country you want to block

• Navigate to Policy & Objects > Addresses and click Create New Address
• Enter the name of the country in question
• Change the Type to Geography
• Change the Country to the country in question
• Leave the Interface at any.  This is so we can use this object for both inbound and outbound rules
• Click OK
  

Create the Outbound Block Policy

• Navigate to Policy & Objects > IPv4 and click Create New
  • Name:  Give it a descriptive name
  • Incoming Interface:  Your LAN
  • Outgoing Interface:  Your WAN connection
  • Source:  All
  • Destination:  The object you created
  • Service:  All
  • Action:  Deny
  • Click OK

• Drag this policy to the top of your outbound policy list

Create an inbound block policy

• Navigate to Policy & Objects > IPv4 and click Create New
  • Name:  Give it a descriptive name
  • Incoming Interface:  Your WAN connection
  • Outgoing Interface:  Your LAN
  • Source:  The object you created
  • Destination:  All
  • Service:  All
  • Action:  Deny
  • Click OK

• Drag this policy to the top of your inbound policy list