Guidelines and Limitations for Managing Remote Access VPN Users Based on Geolocation

In a service access object, if you use a geolocation object (country, continent, or geolocation object), use it only in one rule.

Configure the service access rules in the correct order because you cannot reorder these rules.

Clustering is not supported.

Geolocation-based unclassified IP addresses are not categorized according to their geographic origin. For such unclassified IP addresses, the management center enforces the default service access policy action.

Geolocation-based service access policies are not applied to WebLaunch pages ensuring that you can download the Secure Client seamlessly without any restrictions.