This section describes basic concepts and application scenarios of regions and region groups.
A region is a set of public IP address objects. Regions apply to the following situations:
Region-based policies
For example, an enterprise provides a web server for external access but does not allow access by users from country A. You can configure a security policy with the source address set to country A and the action set to block.
The following types of policies can reference regions: security policies, authentication policies, audit policies, and traffic policies. For configuration details, see the corresponding features.
Traffic and threat logs, maps and reports in the region dimension
You can display the report or map to check traffic and threat distribution details, such as access traffic, attack source regions, and attack destination regions for policy adjustment. For log, map, and report details, see Monitor.
For example, if the logs or threat map indicates that country A often attacks the enterprise intranet server, you can configure a security policy to block traffic from country A or configure a more fine-grained attack defense function.
Policies can also reference region groups, each of which can contain multiple regions or other region groups.
Regions include predefined regions and user-defined regions.
Predefined regions are defined in the region identification signature database. The China region has national, provincial, and municipal predefined regions, whereas other countries have only national predefined regions.
The region identification signature database can be updated manually or automatically. For details, see Update Center.
unknown-zone is a special predefined region that holds IP addresses whose region is unknown.
The region identification signature database may not be up-to-date. Therefore, the system allows you to change the IP addresses in predefined regions.
Both modified predefined regions and newly created regions are treated as user-defined regions. User-defined regions take priority over the predefined regions in the region identification signature database, and this priority is retained even after the database is updated.
As shown in Figure 1, the device first searches the user-defined regions and then the predefined regions for the region of an IP address. An IP address is unique within the user-defined regions and unique within the predefined regions, but the same address can appear in both a user-defined region and a predefined region; in that case the user-defined region wins.
To control multiple regions, you can create a region group and reference the group in a policy. Region group members can be predefined regions, user-defined regions, or region groups.
You can reference region groups in policies, but you cannot display logs by region group on a map or in a report.
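The lookup order and group nesting described above, as an added example that is not part of the original documentation: user-defined regions are searched first, then predefined regions, then unknown-zone is returned; region groups are flattened recursively before a policy match. All region names, IP ranges, and the `REGION_GROUPS` table are constructed sample data.

```python
# Added example (not from the original documentation): a minimal model of
# region lookup and region-group expansion as the text describes them.
# All region names, CIDR blocks and group definitions are constructed samples.
import ipaddress

UNKNOWN_ZONE = "unknown-zone"

# Constructed sample tables; each region maps to a list of CIDR blocks.
PREDEFINED_REGIONS = {
    "country-a": ["198.51.100.0/24"],
    "country-b": ["203.0.113.0/24"],
}
# A user-defined region overrides the signature database for 198.51.100.0/26.
USER_DEFINED_REGIONS = {
    "country-b": ["198.51.100.0/26"],   # reassigned by the administrator
    "partner-net": ["192.0.2.0/24"],
}
# Region groups may contain regions or other region groups (nesting).
REGION_GROUPS = {
    "blocked-countries": ["country-a", "allied-block"],
    "allied-block": ["country-b"],
}


def _find(table, ip):
    """Return the first region in `table` whose blocks contain `ip`, else None."""
    for region, blocks in table.items():
        if any(ip in ipaddress.ip_network(block) for block in blocks):
            return region
    return None


def region_of(ip_str):
    """User-defined regions take precedence, then predefined, else unknown-zone."""
    ip = ipaddress.ip_address(ip_str)
    return (_find(USER_DEFINED_REGIONS, ip)
            or _find(PREDEFINED_REGIONS, ip)
            or UNKNOWN_ZONE)


def expand_group(name, path=()):
    """Flatten a region group (recursively) into the set of region names it covers."""
    if name not in REGION_GROUPS:
        return {name}                 # a plain region, predefined or user-defined
    if name in path:
        return set()                  # guard against a cyclic group definition
    members = REGION_GROUPS[name]
    return set().union(*(expand_group(m, path + (name,)) for m in members))


def policy_matches(source_ip, region_or_group):
    """True if the source IP's region is the given region or is in the given group."""
    return region_of(source_ip) in expand_group(region_or_group)
```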