If you have a country defined as "block to and from" in Geo Policy (not Geo Updatable Objects), they will not be allowed to connect at all, as @the_rock stated. This may have changed in later releases, but last time I looked, Geo Policy enforcement is performed just after anti-spoofing enforcement and before any "First" implied rules allowing Remote Access VPN traffic are consulted. However, if the newer Geo Updatable Objects are used, that enforcement will not happen until after the implied rules. So they will be able to at least connect in that case.
However, Geo Policy was deprecated in R81 (hidden in some cases but still works), so there really isn't a long-term solution for completely blocking certain countries for Remote Access VPN before the implied rules are enforced. One possibility is using fw samp/fwaccel dos, which allows the specification of a country code, then granting them a bandwidth/connection rate of zero (if that is possible).
The only other way I could think of to do this would be an RFE that allows specified countries to be blocked right on the topology page for any interface designated "External" in the Firewall's topology, along with perhaps a way to add exceptions or a "don't check packets from" to that enforcement on that same screen. Kind of a per-interface Geo Policy similar to the per-interface Advanced...Multicast Restrictions feature.
Another RFE avenue for this functionality might be the ability to choose countries in a Gaia Policy Based Routing configuration and blackhole them. But the former SmartConsole-based approach would probably be easier to understand and troubleshoot.