SMA 100: How to block access to the SMA device from specific countries using Geo-IP/Botnet filter

Description

To ensure high security, network administrators should allow access to their network only from specific countries. Using Geo-IP and Botnet Filter, they can allow access only for specific countries or continents.

This article explains how the administrator can allow access from specific countries and to block access from specific IP addresses regardless of the countries allowed/blocked.

NOTE: The device should have licenses for "Geo-IP and Botnet filter" to use this feature.  

Resolution

Enabling Geo-IP and Botnet Filter.


Step 1: Login to the management interface of the SMA device.
Step 2: Navigate to "Geo-IP & Botnet Filter" and Settings page and configure it as per the below screenshot.

Image

Step 3: Select the check box "Enable Geo IP & Botnet Filter".
Step 4: Select the check box "Enforce Geo IP Policy" to enforce the Geo-IP policies.
Step 5: Select the check box "Enforce Botnet Filter Policy" to enforce Botnet Filter policies. If this is disabled, Botnet IPs will not be blocked, however they will still be detected and included in the Botnet Filter Statistics.
Step 6: Select the check box "Find Geo-IP location for Logs"- When this option is enabled, a column indication the location of the source IP is added to the following screens: End Point Control > Log, Web Application Firewall > Log, Geo IP & Botnet Filter > Log, and Log > Views.

Configuring Geo-IP filtering to allow access only from specific countries.

Step 1: Navigate to "Geo-IP & Botnet Filter" and Policies page and click on Add policy.

Image

Step 2: Go to "Geo IP policy" tab and configure it as per the below screenshot. (In this example, we have allowed access only from American countries).

Image

Step 3: Specify a name for this Geo-IP policy.
Step 4: Select the appropriate check boxes to block access from those countries. You can sort countries by continent, just click the drop-down and select the desired continent, all the countries within that continent will display in the Apply Policy To list. You can also select countries directly from the map.
Step 5: Select the Action as "Deny".

Configuring Botnet Policy to block access from Specific IP address or IP address range.

Step 1: Go to "Botnet policy". Click on Add Botnet Policy.
Step 2: Specify a name for this Botnet Policy.
Step 3: Select the "Apply Policy to" as "IP address" to block only a specific IP address and choose "IP Network" to block a specific network range.

Image

Related Articles

  • SMA100 End of Support No-Charge Replacement FAQ
    Read More
  • SMA1000: Post upgrade to 12.5.0 on AWS and Azure, we show the error Could not retrieve the DNS settings once we log in to AMC/CMS console
    Read More
  • Firmware version required to upgrade to version 12.5.0.
    Read More

Categories

Secure Mobile Access
SMA 100 Series
not finding your answers?
Ask the Community