After reading this thread, sounds like you didn't get it to work. I kind of misread it, and got it to work. We have no layer 3 rules, just layer 7 to block multiple countries. I wanted access to one website in one of those countries. I created a Group Policy just for my computers IP, then created a duplicate layer 7 to block the same countries and verified I did not have access. Then I created a layer 3 Allow rule. I tried to use TCP and the FQDN, but it didn't work. Turns out I need to use the websites actual IP address, and it works fine. We are using an MX64, completely updated. Hope this helps if you never got it to work.
... View more
