Using Geo-IP filtering to block connections coming to or from a geographic location

Description

Geo-IP Filtering allows the administrator to block connections coming to or from a geographic location. Botnet Command & Control Filtering allows the administrator to block communications to suspected command and control IPs based on the reputation database built by the Sonic GRID research network.

A new Security Services | Geo-IP & BOTNET Filter page has been added to the management interface.

For this feature to work correctly, the country database must be downloaded to the appliance. The Status indicator turns yellow if this download fails for any reason. Green status means that the download was successful.

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

  1.  Login to SonicWall management interface and navigate to POLICY | Security Services | Geo-IP Filter. 
  2. Click Settings , change  Block connections to/from countries selected in the Countries tab checkbox to Enable . Below that select All Connections radio button.
  3. Click Accept at the bottom.
    Image

  4. Click on Countries and move the countries  (you want to be blocked) under the Blocked Countries table on the right side.Image

  5. The Geo-IP Exclusion Object field allows you to select an Address Object containing IP addresses to exclude from filtering and blocking.




Troubleshooting

You can look up an IP address to find out the location , please click on Diagnostics on top , under Lookup IP enter the IP ,click GO.


Image


NOTE: Geo-IP is supported on TZ, NSA and higher appliances.



Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

  1.  Login to SonicWall management interface and navigate to Manage | Security Services | Geo-IP . 
  2. Click Settings , change  Block connections to/from countries selected in the Countries tab checkbox to Enable . Below that select All Connections radio button.
  3. Click Accept at the bottom.
    Image
  4. Click on Countries and move the countries  (you want to be blocked) under the Selected country table on the right side , you can simply use drag and drop to move the countries .
    Image
  5. The Geo-IP Exclusion Object field allows you to select an Address Object containing IP addresses to exclude from filtering and blocking.

Troubleshooting

You can look up an IP address to find out the location , please click on Diagnostics on top , under Lookup ip enter the ip ,click GO.
Image

NOTE: Geo-IP is supported on TZ 215/TZ215W,TZ300 and higher appliances.

Related Articles

  • SonicWall UTM throws an error : " Invalid Authentication " Error: SN and EPAID Do Not Match
    Read More
  • Firewall logs show frequent probe status changes after upgrade
    Read More
  • SSO Agent 4.0: Installation, Configurations, and troubleshooting
    Read More

Categories

Firewalls
NSa Series
Geo-IP & Botnet Filter
Firewalls
TZ Series
Geo-IP & Botnet Filter
Firewalls
NSv Series
Geo-IP & Botnet Filter
not finding your answers?
Ask the Community
was this article helpful?
YesNo