Who rated this post

Mr Phoneboy is correct, as always! I will tell you from my own experience...personally, I would NOT bother using traditional geo policy, updatable objects are so much better. I honestly had nightmare scenario when someone in TAC told us once to block certain countries (in their defense, it was the customer who approved it), but we never realized that one specific country we blocked was needed for cloud access, so we spent next 2 days trying to figure it out, worked with 3 escalation engineers, until something clicked in my head that was the issue and as soon as we unblocked it, all worked fine. Just keep in mind that traditional geo policy always takes place BEFORE regular rules, so it can definitely cause issues if you make a mistake. When you do regular rules, makes it much more intuitive to fix quickly if traffic is blocked. I would definitely read what @Timothy_Hall posted as well, because that absolutely makes 100% sense. To summarize, I believe everyone here is suggesting you use updatable objects : - )