I am having difficulty with getting the GeoIP blocking rules to work. I have created the alias for the Geo countries that I would like to block. I am downloading the updates and verified that they are loaded (765777 under the Loaded #).
I have a dual WAN setup with some web servers and other ports that I have open and port forwarded to internal devices.
In the NAT/Port Forward rule I have a rule for each WAN interface. The rule is for IP4, source is inverted and the alias used is for all the countries that I do not want and the destination port range is just the ports that I want to allow.
When I check the firewall logs and the device logs I see IPs from countries that I do not want to allow.