This limitation was discussed recently (Restrict VPN access by GEO location), and will probably need to be an RFE. You can also try checking with the Solutions Center via your Check Point SE, they may have some custom code that can block/allow Remote Access VPN by country.
However after poking around there may be a way to do this: (Edit: After further thought I don't think this will work as the allowed sources and destinations restriction is probably applied against the inner packet IP addresses (i.e. the assigned office mode address) and not the outer IPSec packet IP address that is part of the geographic country in question)
1) Prior to the introduction of Updatable Geo Objects in R80.20, @HeikoAnkenbrand created Dynamic Objects that represented certain countries and could be selected in a Security Policy as you can see here: https://community.checkpoint.com/t5/API-CLI-Discussion/GEO-Location-Objects-in-Firewall-Policy-with-...
2) If these Geo Dynamic objects are present in your configuration, it looks like they can then be selected as an "Allowed Source" in the individual User Record (Geo Updatable objects introduced in R80.20 cannot be selected here though):
3) So what you could do here is import the Geo Dynamic Objects in Step 1, and then select the Geo Dynamic Object(s) for the countries you want to permit as Allowed Sources, all other sources will be denied (an allow list). There is not a way to to a deny list of countries and allow all others for this user that I can see.
I haven't tested this but it looks like it should work, however the use of allowed sources and destinations in the User attributes instead of your policy layers has been controversial in the past, as it can be a bit confusing when the policy layers explicitly allow something but it gets denied anyway by a setting in the User attributes.
New 2-day Live "Max Power" Series Course Now Available:
"Gateway Performance Optimization R81.20" at maxpowerfirewalls.com