We have this configured for a customer already 3 years ago, and not had any issues with this. (on R77.20, even before this SK was created )
To do this, you have to create groups with all IP address that you do not want to be part of GEO protection, and exclude them in the IPS exclusions for the GEO protection signature ( 2 rules, 1 as source, and 1 as destination to cover incomming and outgoing).
Next, you can configure the IPS GEO protection accordingly , to allow all outbound traffic and deny all incomming traffic from unwanted countries. As you have excluded all other IP addresses, this protection will only be relevant for that single IP.
For me, it is a missed opportunity to not have included GEO protection in the R80 'one policy' concept . I hope it is on the roadmap.