Using Geo-IP filtering to block connections coming to or from a geographic location

10/14/2021 590 People found this article helpful 492,587 Views

Description

Geo-IP Filtering allows the administrator to block connections coming to or from a geographic location. Botnet Command & Control Filtering allows the administrator to block communications to suspected command and control IPs based on the reputation database built by the Sonic GRID research network.

A new Security Services | Geo-IP & BOTNET Filter page has been added to the management interface.

For this feature to work correctly, the country database must be downloaded to the appliance. The Status indicator turns yellow if this download fails for any reason. Green status means that the download was successful.

Resolution

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

Login to SonicWall management interface and navigate to POLICY | Security Services | Geo-IP Filter.
Click Settings , change Block connections to/from countries selected in the Countries tab checkbox to Enable . Below that select All Connections radio button.
Click Accept at the bottom.
Click on Countries and move the countries (you want to be blocked) under the Blocked Countries table on the right side.
The Geo-IP Exclusion Object field allows you to select an Address Object containing IP addresses to exclude from filtering and blocking.

Troubleshooting

You can look up an IP address to find out the location , please click on Diagnostics on top , under Lookup IP enter the IP ,click GO.

NOTE: Geo-IP is supported on TZ, NSA and higher appliances.

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

Login to SonicWall management interface and navigate to Manage | Security Services | Geo-IP .
Click Settings , change Block connections to/from countries selected in the Countries tab checkbox to Enable . Below that select All Connections radio button.
Click Accept at the bottom.
Click on Countries and move the countries (you want to be blocked) under the Selected country table on the right side , you can simply use drag and drop to move the countries .
The Geo-IP Exclusion Object field allows you to select an Address Object containing IP addresses to exclude from filtering and blocking.