Facing issues regarding country block: if we allow only India and US, Microsoft updates / product activations break, as it goes on searching for random UK, Canada or any other country server. Any suggestion or solution on this issue?
We want to maintain the country block without breaking the Windows updates feature.
Meraki uses a database (provided by a separate party) that allows an IP address to be mapped to a country, and that is updated regularly. When you block a country there is unfortunately no way to make an exception to that block list - although I would definitely ‘make a wish’, it would be a great feature to have a white-list that allows for specific URLs when a country is blocked (I’ve hit similar problems myself).
I would also pose the question with Microsoft and see if there is a way of limiting the countries that their update services will check in to; that may be an alternate way of solving your problem.
@HealthPrime why do you want to only have US and India? Blocking every other country will make your internet experience appalling, as the whole concept of the internet is that it is de-centralised, so CDNs are usually distributed around the world for best availability.
Country blocking is usually used in a more limited manner, i.e. to block a particular country or region.
The Meraki list is also not always completely up to date so you may well see unusual results.
For MS updates and activations you could use SCCM or WSUS and your own activation server.
Sorry to say that, but whoever has proposed Geolocation blocking as a valid solution has to be taken to special places in hell.
In the age of Cloud and Nation threat actors, this is something that prevents you from the largest spam out there, but doesn’t provide a serious layer of security. Instead, it takes you into situations like the ones you’re describing here.
I don't have an issue doing geoblocking (each to their own); however, you have to be aware, as mentioned, of the cloud and the implications for your systems.
In saying that, you could reach out to vendors and they will provide regional-based servers that you can force your systems to update from, to get around the issue of trying to update from geoblocked regions.