Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Geo-Location Cloud Access Policies

  1. Last updated
  2. Save as PDF

Geo IP location-based Cloud Access Policies check IP addresses against a geo-database to determine if access should be granted to cloud services. The geo-database is created using a policy dictionary that includes a list of country and region codes. You can set up Geo-location policies as an allow list (allow access only from the locations specified) or block list (never allow access from the locations specified).

NOTE: IP mapping is based on NetAcuity edgeDb, and occasional inaccuracies can happen. 

Create a Geo IP DLP Dictionary

The first step is to create a Geo IP dictionary. 

You can either manually enter locations in the dictionary text box, or upload a CSV of locations. If you're working with more than a handful of countries/regions, it is easier to create the file and then upload it. This also allows you to archive the dictionary, or use it in other Skyhigh CASB tenants.

The dictionary must follow this format:

Dictionary Format Example

COUNTRY: <2 letter country code>,<2 letter country code>

REGION: <2 letter country code>.<2 letter region code>, <2 letter country code>.<2 letter region code>

COUNTRY: BR, CN

REGION: US.NY, US.NJ

TIP: You can find country and region codes on these sites:

 

 

To create a DLP Dictionary:

  1. Choose Policy > DLP Policies > Dictionaries.
  2. Click Add Dictionary.
  3. Name. Enter a name for the dictionary that indicates it is geo-based.
  4. Type. Select GEO IP
  5. Do one of the following:
    • Select Upload a file, then choose a comma-separated file that includes text as shown above to specify countries and regions. 
    • Select Manually add items to the dictionary, then enter text to specify countries and regions.
  6. Click Save.

policy_dictionary_geo.png

Create a Geo-IP Location Access Policy

To create a policy:

  1. Go to Policy > Access Control > Access Policies
  2. Click Create Policy.
  3. Name. Enter a name for your policy. 
  4. Description. Add a description, if needed. 
  5. If the following conditions are met. Select IP Location. Then enter the Geo IP dictionary you created earlier, Geo-Allowed.
    access_policy_geo.png
  6. Then take the following action. Select an option for the action. Because Geo-Allowed is an allow list dictionary, choose Allow Access. If you have set up a block list dictionary, choose Block Access. For more options, see Create a Cloud Access Policy
  7. Click Save.
  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    1. fencing
    2. Geo Location
    3. Policy