We are currently using a Fortigate 100F with firmware v6.2.2 build 6083. We recently upgraded from an older 200B that is end-of-life soon. To geo-block countries in the past, we had added an Address object named "Country Block - Countryname" and set a type of geography to it. We then added this address to an Address Group named Country Block that is contained in the existing IPV4 policy that blocks incoming traffic from the outside-zone.
With the latest build of 6.2.2, is there a more efficient way of doing this? Also and perhaps more importantly, we are considering blocking everything but US sources and I am curious what the recommended course of action is to do this efficiently. We don't have public-facing servers and I am just looking to harden intrusion prevention. I realize this isn't a silver bullet but anything I can do to lessen exposure to risk is desired.