Nova ADC's automatically insert the X-Nova-Country header to allow your upstreams to tell which country the client connected from. We use a 2 character country code for thing, e.g. US, ZA, GB, etc.
In Default Allow mode Geofencing will block users from the country list you provide. In the example image below, all users from Russia and China will be denied access to your ADC, and the upstreams behind it.
Opposite to the above, Default Deny will prevent all users from accessing the ADC and it's upstreams, except for the countries in the list. In the below example only users from the United States will be able to access the service.
Geofencing allows you to prevent abuse from a country that you may be suffering a brute force or DoS attack from. Conversely, it allows you to only allow a specific country in the event that you know all your users are from a set of locations.
Remember that geofencing is done via country based IP lists, and is not an exact science. There can be incorrect ranges.