I’d like to know what the common practice is regarding use of ZIA’s Advanced Threat Protection’s “Blocked Countries” feature. In theory, this sounds awesome but we’ve tried utilizing geo-blocking for our e-mail gateway but it turned out to be far too impractical. Any personal experiences (good/bad) would be appreciated.
I did find the post below on this topic but it seemed centered on ZPA rather than ZIA:
When you say do not have office in those countries ZIA protects your employees from the bad internet, so having offices in those places does not matter as this is not ZPA for corporate access. Better first use geolocation for better scanning with sandbox, DLP any access to those locations and make special policies just for them and in the future you can block them after checking and reviewing the web insights logs after a month. That is my suggestion to first enforce stricter malware, dlp control for those locations and in the future you can block them if you want after reviewing any false positives.