• SonicOS 7.0
• Summary
  • Synchronize Licenses
  • Security Services Settings
  • Signature Downloads Through a Proxy Server
  • Security Services Information
• Managing the SonicWall Gateway Anti-Virus Service
  • SonicWall GAV Multi-Layered Approach
    • Remote Site Protection
    • Internal Network Protection
    • HTTP File Downloads
    • Server Protection
    • Cloud Anti-Virus Database
  • SonicWall GAV Architecture
  • Activating the Gateway Anti-Virus, Anti-Spyware, and Intrusion Prevention License
  • Setting Up SonicWall Gateway Anti-Virus Protection
    • Viewing SonicWall Gateway Anti-Virus Status Information
      • Checking the SonicWall Gateway Anti-Virus Signature Database Status
      • Updating SonicWall Gateway Anti-Virus Signatures
    • Enabling SonicWall Gateway Anti-Virus
    • Applying SonicWall Gateway Anti-Virus Protection on Zones
    • Specifying Protocol Filtering
      • Enabling Inbound Inspection
      • Enabling Outbound Inspection
      • Restricting File Transfers
        • FTP Settings
        • Exclusion Settings
      • Resetting Gateway Anti-Virus Settings
    • Configuring Gateway Anti-Virus Settings
      • Configuring Gateway Anti-Virus Settings
      • Configuring HTTP Clientless Notification
      • Configuring a SonicWall GAV Exclusion List
    • Configuring Cloud Gateway Anti-Virus
  • Viewing SonicWall Gateway Anti-Virus Signatures
    • Displaying Signatures
    • Navigating the Gateway Anti-Virus Signatures Table
    • Searching the Gateway Anti-Virus Signature Database
• Anti-Spyware Service
  • Anti-Spyware Status
  • Anti-Spyware Global Settings
  • Signature Groups
  • Protocols
  • Anti-Spyware Signatures
• Intrusion Prevention Service
  • About Intrusion Prevention Service
  • IPS Status
  • IPS Global Settings
  • Enabling Intrusion Prevention Services
  • Intrusion Prevention Service Policies
• Configuring Geo-IP Filters
  • Configuring Geo-IP Filtering
  • Creating Custom Country Lists
  • Customizing Web Block Page Settings
  • Using Geo-IP Filter Diagnostics
    • Geo-IP Cache Statistics
    • Custom Countries Statistics
    • Show Resolved Locations
    • Check GEO Location Server Lookup
    • Incorrectly Marked Address
• Configuring Botnet Filters
  • Configuring Botnet Filtering
  • Creating Custom Botnet Lists
    • Creating a Custom Botnet List
    • Editing Custom Botnet List Entries
  • Downloading Dynamic Botnet list
  • Configuring Dynamic HTTP Authentication
  • Customizing Web Block Page Settings
  • Using Botnet Filter Diagnostics
    • Botnet Cache Statistics
    • Botnets Statistics
    • Show Resolved Botnet Locations
    • Check Botnet Server Lookup
    • Incorrectly Marked Address
  • Displaying the Status of the Botnet Feature and Database
• Configuring App Control
  • About App Control Policy Creation
  • Viewing App Control Status
  • Configuring App Control Global Settings
    • About App Control Global Settings
    • Enabling App Control
      • Enabling App Control Globally
      • Enabling App Control on Zones
      • Configuring Logging and Log Filter Interval
      • Enabling App Control Filename Logging
      • Configuring App Control Settings
  • Configuring App Control Signatures
    • Configuring App Control Signatures by Category
    • Configuring App Control Signatures by Application
    • Configuring App Control Advanced by Signature
    • Viewing Signatures
      • Viewing by All Categories and All Applications by Applications
      • Viewing by All Categories and All Applications by Signatures
      • Viewing by All Categories and All Applications by Category
      • Viewing Just One Category
      • Viewing Just One Application
      • Displaying Details of Signature Applications
      • Displaying Details of Application Signatures
• Configuring Content Filter
  • SonicWall CFS
    • CFS Status
    • Global Settings
    • CFS Exclusion
  • CFS Custom Category
  • Websense Enterprise
    • Websense Server Status
    • General Settings
    • Block Web Features
    • CFS Exclusion
    • Blocking Page
• SonicWall Support
  • About This Document

Configuring Geo-IP Filtering

The Settings page gives a group of settings that can be configured for Geo-IP Filtering. Several of the settings have (information) icons next to them that give screen tips about that setting.

• Block connections to/from countries selected in the Countries tab - This option is selected by default. If this option is enabled, all connections to/from the selected list of countries are blocked. You can specify an exclusion list to exclude blocking for selected IPs. When this option is selected, the next two options become available.
  • All Connections - This selects one of the two modes of Geo-Filter. All connections to and from the firewall are filtered. This option is selected by default.
  • Firewall Rule-Based Connections - With this selection only connections that match an access rule configured on the firewall are filtered for blocking.
• Block all connections to public IPs if GeoIP DB is not downloaded - This option is not selected by default. If the Geo-IP database is not downloaded, this selection drops all attempted connections from public IP addresses.
• Enable Custom List - This option is not selected by default. Custom lists are sometimes used to correct a false country assignment for an IP address. If the checkbox is selected, the Override Firewall Countries by Custom List is made available.
• Override Firewall Countries by Custom List - This selection is only available if Enable Custom List is clicked. It allows your custom list to override the firewall list where there are differences. Unless you select this Override, the firewall list takes precedence, even when you have enabled a custom list.
• Enable Logging -This option is not selected by default. It enables logging of filter events.

The Countries page gives a group of settings that can be configured for Geo-IP Filtering to block specific countries.

• Blocked Country table - Click the checkbox for the countries to be blocked. By default, no countries are blocked. By clicking on the checkbox at the top of the table, you can select all countries, then exclude countries from blocking by clicking on them separately.
• Block All Unknown countries - Select this option to block any countries that are not listed. All connections to unknown public IPs are blocked. This option is not selected by default.

• Geo-IP Exclusion Object - This setting allows you to configure an exclusion list of all connections to approved IP addresses.

  Select an address group from the list. The default is Default Geo-IP and Botnet Exclusion Group.

  The Geo-IP Exclusion Object is a network address object group that specifies a group or a range of IP addresses to be excluded from the Geo-IP filter blocking. All IP addresses in the address object or group are allowed, even if they are from a blocked country.

  For example, if all IP addresses coming from Country A are set to be blocked and an IP address from Country A is detected, but it is in the Geo-IP Exclusion Object list, then traffic to and from this IP address is allowed to pass.

  For this feature to work correctly, the country database must be downloaded to the firewall. The Status indicator at the top right of the page turns yellow if this download fails. Green status indicates that the database has been successfully downloaded.

  For the country database to be downloaded, the firewall must be able to resolve the address geodnsd.global.SonicWall.com.

  When a user attempts to access a web page that is from a blocked country, a block page message is displayed on the user’s web browser.

  If a connection to a blocked country is short-lived and the firewall does not have a cache for the IP address, then the connection might not be blocked immediately. As a result, connections to blocked countries might occasionally appear in the App Flow Monitor. However, additional connections to the same IP address are blocked immediately.

Click:

• Accept to confirm your changes.
• Reset to cancel your changes.