-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
SMA 100: How to block access to the SMA device from specific countries using Geo-IP/Botnet filter
11/05/2021 
1,194 People found this article helpful
479,982 Views
Description
To ensure high security, network administrators should allow access to their network only from specific countries. Using Geo-IP and Botnet Filter, they can allow access only for specific countries or continents.
This article explains how the administrator can allow access from specific countries and to block access from specific IP addresses regardless of the countries allowed/blocked.
NOTE: The device should have licenses for "Geo-IP and Botnet filter" to use this feature.
Resolution
Enabling Geo-IP and Botnet Filter.
Step 1: Login to the management interface of the SMA device.
Step 2: Navigate to "Geo-IP & Botnet Filter" and Settings page and configure it as per the below screenshot.
Step 3: Select the check box "Enable Geo IP & Botnet Filter".
Step 4: Select the check box "Enforce Geo IP Policy" to enforce the Geo-IP policies.
Step 5: Select the check box "Enforce Botnet Filter Policy" to enforce Botnet Filter policies. If this is disabled, Botnet IPs will not be blocked, however they will still be detected and included in the Botnet Filter Statistics.
Step 6: Select the check box "Find Geo-IP location for Logs"- When this option is enabled, a column indication the location of the source IP is added to the following screens: End Point Control > Log, Web Application Firewall > Log, Geo IP & Botnet Filter > Log, and Log > Views.
Configuring Geo-IP filtering to allow access only from specific countries.
Step 1: Navigate to "Geo-IP & Botnet Filter" and Policies page and click on Add policy.
Step 2: Go to "Geo IP policy" tab and configure it as per the below screenshot. (In this example, we have allowed access only from American countries).
Step 3: Specify a name for this Geo-IP policy.
Step 4: Select the appropriate check boxes to block access from those countries. You can sort countries by continent, just click the drop-down and select the desired continent, all the countries within that continent will display in the Apply Policy To list. You can also select countries directly from the map.
Step 5: Select the Action as "Deny".
Configuring Botnet Policy to block access from Specific IP address or IP address range.
Step 1: Go to "Botnet policy". Click on Add Botnet Policy.
Step 2: Specify a name for this Botnet Policy.
Step 3: Select the "Apply Policy to" as "IP address" to block only a specific IP address and choose "IP Network" to block a specific network range.
Related Articles
- How do I integrate Ianum with a SonicWall SMA?
- SMA 8200v Azure/AWS Deployment Guidelines
- SMA 1000: SAML Identity Provider Service Configuration Guide
YES
NO