How can I configure SonicWall Geo-IP filter using firewall access rules?
12/20/2019
Geo-IP Filter allows administrators to block connections coming to or from a geographic location by resolving the public IP address to a particular country. This feature is usable in two modes: blanket blocking or blocking through firewall access rules.
Blocking through firewall access rules gives a network administrator greater control over what traffic is and isn't scanned by the Geo-IP Filter. This is useful for deployments in which outbound traffic should be uninhibited but inbound traffic should be subject to scanning. Typical deployments of Geo-IP Filter with firewall access rules include DDoS and other network attack mitigation as well as anti-spoofing.
CAUTION: As mentioned, Geo-IP Filter works by tracing a public IP to a particular country. Users who make use of a VPN to disguise their country of origin may be able to get around the Geo-IP Filter by having their traffic appear as if it's coming from a white-listed country. At this time there is no workaround for this issue.
- Log in to the SonicWall management GUI.
- Navigate to Manage | Security Configuration | Security Services | Geo-IP Filter.
- Enable the check-box for Block connections to/from following countries under the Settings tab.
- Enable the radio-button Firewall Rule-based. Navigate to Policies | Rules | Access Rules, choose LAN to WAN, and click Configure.
- Under the GeoIP tab, check Enable Geo-IP Filter.
- Global: This option applies the default countries selected under Security Services | GEO-IP Filter | Countries.
- Custom: This option can be used when creating a specific access rule to block certain countries for certain users while globally allowing access to those specific countries.
Blocking a particular IP address from a specific country
- Navigate to Security Configuration | Security Services | GEO-IP Filter | Custom List tab.
- Click Add, create an Address Object with the zone assignment WAN with the appropriate IP address to be blocked.
- Choose the appropriate country from the drop-down menu.
To Exclude a specific IP Address from GEO-IP filter
- Under Geo-IP Exclusion Object, select the address object or group of IP addresses on the WAN to be excluded from the Geo-IP Filter.
- Click Accept at the bottom of the page to save the settings.
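The following Python sketch is an added example, not SonicWall code: it models how the per-rule Geo-IP setting, the Global and Custom country lists, the Custom List and the Geo-IP Exclusion Object described above could combine into a block or allow decision, so a planned configuration can be checked against sample addresses. The evaluation order, the rule dictionary layout, the placeholder country codes AA and BB, and the documentation-range addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed stand-in for the appliance's IP-to-country database.
# Networks are documentation ranges; "AA" and "BB" are placeholder countries.
COUNTRY_DB = {"198.51.100.0/24": "AA", "203.0.113.0/24": "BB"}

def lookup(ip, table):
    """Return the value of the most specific network in `table` containing `ip`."""
    addr = ipaddress.ip_address(ip)
    hits = [(ipaddress.ip_network(n), v) for n, v in table.items()
            if addr in ipaddress.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

class GeoIPPolicy:
    def __init__(self, global_blocked, custom_list=None, exclusions=()):
        self.global_blocked = set(global_blocked)        # Countries tab
        self.custom_list = dict(custom_list or {})       # Custom List: network -> country
        self.exclusions = {n: True for n in exclusions}  # Geo-IP Exclusion Object

    def decide(self, remote_ip, rule):
        """Return (verdict, reason) for a connection matched by an access rule.

        `rule` is a hypothetical dict: {"geoip": bool, "mode": "global" or
        "custom", "countries": set of codes used when mode is "custom"}.
        """
        if not rule.get("geoip"):
            return "allow", "Geo-IP not enabled on this access rule"
        if lookup(remote_ip, self.exclusions):
            return "allow", "address is in the exclusion object"
        # Assumption: a Custom List entry overrides the database lookup.
        country = lookup(remote_ip, self.custom_list) or lookup(remote_ip, COUNTRY_DB)
        if country is None:
            return "allow", "no country mapping for address"
        blocked = (rule.get("countries", set()) if rule.get("mode") == "custom"
                   else self.global_blocked)
        if country in blocked:
            return "block", f"{country} is blocked ({rule.get('mode', 'global')} list)"
        return "allow", f"{country} is not blocked"

# Constructed sample configuration and rules.
policy = GeoIPPolicy(global_blocked={"AA"},
                     custom_list={"203.0.113.7/32": "AA"},
                     exclusions=["198.51.100.10/32"])
RULE_GLOBAL = {"geoip": True, "mode": "global"}
RULE_CUSTOM = {"geoip": True, "mode": "custom", "countries": {"BB"}}
RULE_UNSCANNED = {"geoip": False}

if __name__ == "__main__":
    for ip in ("198.51.100.5", "198.51.100.10", "203.0.113.7", "203.0.113.8"):
        for name, rule in (("global", RULE_GLOBAL), ("custom", RULE_CUSTOM)):
            print(ip, name, *policy.decide(ip, rule))
```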
To Enable Logging
- Navigate to Security Configuration | Security Services | GEO-IP Filter | Settings, check the option Enable logging.
NOTE: Geo-IP is supported on SOHO 250/TZ 215/TZ 215W, TZ300 and higher appliances.