Cato Networks Knowledge Base

Geo-blocked Websites

  • Updated

Some governments and other organizations may only allow access to their websites from IP addresses registered in their own country or jurisdiction. This is known as geo-blocking.

Cato Networks has PoPs deployed all over the world, but the PoP you connect to won't necessarily be in the same country you live in. If that's the case, when you visit a website hosted within your country, the site would see the connection coming from an IP address registered outside your country, the external IP address of the PoP.

If the website is using geo-blocking to restrict access to in-country IP addresses only, the website will fail to load. In some cases you may see a block page from the web server, but most of the time the website will just time out and browser error will be displayed like the ones below.

Google Chrome

Mozilla Firefox

Microsoft Edge


Cato VPN Client

1. You should be able to access the geo-blocked website while in your own country by disconnecting from the VPN client.

2. Alternatively, you can create a split tunnel configuration and exempt the IP address(es) of the website. Any traffic to the exempted IP addresses will not be sent to Cato.


Add the IP address(es) of the website to the Destination Bypass list in the Cato Management Application. Refer to the Bypass section in our help guide for configuration details.

IPsec Site Connected to Cato

Change the routing policy on the local IPsec device so that traffic to the website's IP address(es) will not route through the Cato IPsec tunnel.



Was this article helpful?

0 out of 1 found this helpful



Please sign in to leave a comment.