Policy - GeoFence

Available in the Policy Editor popup


Geofence will enforce a deny access state on a device if the device software attempts to connect from a restricted IP. Once the device connects from a network that is not restricted it will automatically work again.

For GeoFence to work a live connection to the SafeConsole server is required. To strictly enforce a GeoFence policy it is therefore recommended that devices are either forced to always require a server connection for device unlock using the Device State policy or only allow devices to unlock inside the Trusted Network using ZoneBuilder.


When the GeoFence become enabled it is possible to restrict usage to only named countries and/or IPs, You can also Allow Only named countries and/or IPs.

The purpose of the feature is to achieve regulatory compliance where data is not allowed outside of specified countries or IPs.


The following configurations are available:

  • Enable Geofencing on devices

    • Prevent device access based on user computer IP Address through Geofence. Geolocation data such as Country and ISP of the IP Address can also be used to control device access.
  • Geofence message to user textbox
    • Send a custom message to users when their device has been denied access through the Geofence policy.
  • IP addresses textbox - All IP Addresses Allowed as default
    • Separate multiple IP Addresses with commas (198.51.100.1,198.51.100.2). Wildcard and CIRD addresses are supported (198.51.100.* or 198.51.100.0/24)
    • Restriction Mode - radio button
      • Allow Only These IPs (Whitelist), for a secure geofence, we recommend whitelisting approved IP Addresses.
      • Restrict These IPs (Blacklist)
  • Countries textbox - No Countries Blocked as default
    • Restriction Mode - radio button
      • Allow Only These Countries (Whitelist)
      • Restrict These IPs (Blacklist)
  • ISP textbox - No ISP Blocked as default
    • Restriction Mode - radio button
      • Allow Only These ISPs (Whitelist)
      • Restrict These ISPs (Blacklist)
      • To add ISPs, click Add ISP, enter a known IP associated with the ISP in the popup and perform the lookup by clicking the search-symbol button, then click Add in the bottom of the screen.


Policy device user interactions

The device software will display the configured message if the device is blocked and the device enters denied access mode and cannot be unlocked. Once the device connects from a allowed location the device can again be unlocked.