Re: Geo Blocking
Depending on what you are trying to achieve, you just might want to set the GEO blocking on a local-in-policy - that's assuming you are trying to block anything directed at the firewall itself.
If you have internal devices (behind the firewall) making/establishing connections to GEO countries outside the US then I would investigate the cause/reasons for this with the owner(s) of those devices and/or just block access from Internal-->WAN to those GEO countries. But try the local-in-policy first. YMMV.
NSE4/FMG-VM64/FortiAnalyzer-VM/5.4/6.0 (FWF40C/FW92D/FGT200D/FGT101E)/ FAP220B/221C