How can I configure SonicWall Geo-IP filter using firewall access rules?

12/20/2019 1858 34612

DESCRIPTION:

Geo-IP Filter allows administrators to block connections coming to or from a geographic location to resolving the Public IP address to a particular country. This feature is usable in two modes, blanket blocking or blocking through firewall access rules.

Blocking through firewall access rules gives a network administrator greater control over what traffic is and isn't scanned by the Geo-IP Filter. This is useful for deployments in which Outbound Traffic may want to be uninhibited but Inbound traffic should be subject to scanning. Typical deployments of Geo-IP Filter with firewall access rules include DDoS and other network attack mitigation as well as anti-spoofing.

CAUTION: As mentioned, Geo-IP Filter works by tracing a public IP to a particular country. Users which make use of a VPN to disguise their country of origin may be able to get around the Geo-IP Filter by having their traffic appear as if it's coming from a white-listed country. At this times there are no work around for this issue.

RESOLUTION:

1. Login to the SonicWall management GUI.
2. Navigate to Manage | Security Configuration | Security Services | Geo-IP Filter.
3. Enable the check-box for Block connections to/from following countries under the settings tab.
4. Enable the radio-button Firewall Rule-based.  Navigate to Policies | Rules | Access rules,  choose the LAN to WAN, click Configure .
5. Under the GeoIP tab, check the Enable Geo-IP Filter.

• Global- This option applies the default countries selected under Security Services | GEO-IP Filter |Countries.
• Custom- This option can be used when creating a specific access rule to block certain countries for certain users while globally allowing access to those specific countries.

Blocking particular IP Address from a specific country

• Navigate to Security Configuration | Security Services | GEO-IP Filter | Custom List tab .
• Click Add, create an Address Object with the zone assignment WAN with the appropriate IP address to be blocked.
• Choose the appropriate country from the drop-down menu.
  

To Exclude specific IP Address from GEO-IP filter

• Under the Geo-IP Exclusion Object select address object or groups of IP addresses on the WAN to be excluded from Geo-IP Filter.
• Click Accept at the bottom of the page to save the settings.
  

To Enable Logging

• Navigate to Security Configuration |Security Services | GEO-IP Filter |Settings , check on the option  Enable logging.

NOTE: Geo-IP is supported on SOHO 250/TZ 215/TZ 215W, TZ300 and  higher appliances .