Custom Geo-IP list to exclude a website from Geo-IP filter
05/18/2022 335 People found this article helpful 374,985 Views
Description
Geo-IP custom list is used for many reasons, of which the following are more prominent ones.
- To allow an IP/subnet/range which is part of a blocked country
- To block an IP/subnet/range which is part of an allowed country
- If an IP address is classified as the wrong country - along with this, a location change request can be done : GEO-IP location change request
If you just need an exclusion for the hosts behind SonicWall, then follow this KB : How can I exclude hosts behind SonicWall from Geo-IP Filter using firewall access rules? and Using Geo-IP filtering to block connections coming to or from a geographic location
This article assumes the Geo-IP filter is already configured.
Resolution
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
- Login to SonicWall management interface and navigate to POLICY | Security Services | Geo-IP Filter | Settings
- Enable the option "Enable custom list" and
- Override Firewall countries by Custom list : Enabling a custom list can affect the country identification, for an IP address, in the following ways: • If "Enable Custom List" is not enabled, then during country identification, only firewall country database will be searched. If "Enable Custom List" is enabled, but "Override Firewall Countries By Custom List" is not enabled, then during country identification, then first firewall country database will be searched, if not resolved, then the custom country list will be searched. If "Enable Custom List" is enabled and "Override Firewall Countries By Custom List" is also enabled, then during country identification, first custom country list will be searched, if not resolved, then the firewall country database will be searched. Action will be taken accordingly
- Accept to save the settings
- Now, navigate to the Custom list and click Add
- In the pop-up window, give the right address object (for the IP to be allowed) and mark this IP as part of any Allowed country. I have used US in my example below:
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
- Login to SonicWall management interface and navigate to Manage| Security Services | Geo-IP Filter | Settings
- Enable the option "Enable custom list" and
- Override Firewall countries by Custom list : Enabling a custom list can affect the country identification, for an IP address, in the following ways: • If "Enable Custom List" is not enabled, then during country identification, only the firewall country database will be searched. If "Enable Custom List" is enabled, but "Override Firewall Countries By Custom List" is not enabled, then during country identification, then first firewall country database will be searched, if not resolved, then the custom country list will be searched. If "Enable Custom List" is enabled and "Override Firewall Countries By Custom List" is also enabled, then during country identification, first custom country list will be searched, if not resolved, then the firewall country database will be searched. Action will be taken accordingly
- Accept to save the settings
- Now, navigate to the Custom list and click Add
- In the pop-up window, give the right address object (for the IP to be allowed) and mark this IP as part of any Allowed country. I have used US in my example below:
Related Articles
Categories
Was This Article Helpful?
YESNO