How to block access to the SRA device from specific source IP address or range using Geo-IP/Botnet filter
01/29/2021
To ensure high security, network administrators should allow access to their network only from specific countries. Using the Geo-IP and Botnet Filter, they can allow access only from specific countries or continents.
This article explains how the administrator can allow access from specific countries and block access from specific IP addresses regardless of the countries allowed/blocked.
Note: The device should have licenses for "Geo-IP and Botnet filter" to use this feature.
Enabling Geo-IP and Botnet Filter.
Step 1: Login to the management interface of the SRA device.
Step 2: Navigate to the "Geo-IP & Botnet Filter" > Settings page and configure it as per the below screenshot.
Step 3: Select the check box "Enable Geo IP & Botnet Filter".
Step 4: Select the check box "Enforce Geo IP Policy" to enforce the Geo-IP policies.
Step 5: Select the check box "Enforce Botnet Filter Policy" to enforce Botnet Filter policies. If this is disabled, Botnet IPs will not be blocked; however, they will still be detected and included in the Botnet Filter Statistics.
Step 6: Select the check box "Find Geo-IP location for Logs". When this option is enabled, a column indicating the location of the source IP is added to the following screens: End Point Control > Log, Web Application Firewall > Log, Geo IP & Botnet Filter > Log, and Log > Views.
Configuring Geo-IP filtering to allow access only from specific countries.
Step 1: Navigate to the "Geo-IP & Botnet Filter" > Policies page and click on Add policy.
Step 2: Go to "Geo IP policy" tab and configure it as per the below screenshot. (In this example, we have allowed access only from American countries).
Step 3: Specify a name for this Geo-IP policy.
Step 4: Select the appropriate check boxes to block access from those countries. You can sort countries by continent: click the drop-down and select the desired continent, and all the countries within that continent will be displayed in the Apply Policy To list. You can also select countries directly from the map.
Step 5: Select the Action as "Deny".
Configuring Botnet Policy to block access from Specific IP address or IP address range.
Step 1: Go to "Botnet policy" tab and configure it as per the below screenshot. (In this example, we have blocked access from a few IP addresses that belong to Canada).
Step 2: Specify a name for this Botnet Policy.
Step 3: Select the "Apply Policy to" as "IP address" to block only a specific IP address.
To block access to or from a subnet, select "Apply Policy to" as "IP Address Range" as shown in the below screenshot and enter the network details.
Step 4: Select the Action as "Deny".
Step 5: Click on Accept.
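Before entering addresses in the Botnet policy, it helps to check the planned Deny entries offline. The following script is an added example, not part of the original article or of any SonicWall tooling: it flags malformed entries, entries that overlap each other, and entries that would block a source that must keep access, such as the administrator's own workstation. The entry notation (single IP, start-end, CIDR), the function names and the sample addresses are assumptions made for this example and do not reflect the appliance's field format.

```python
import ipaddress

def parse_entry(entry):
    """Return (first, last) address for a single IP, 'start-end' range or CIDR."""
    entry = entry.strip()
    if "-" in entry:
        start, end = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if start.version != end.version or start > end:
            raise ValueError(f"invalid range: {entry}")
        return start, end
    # A bare IP parses as a one-address network; strict mode rejects
    # CIDR entries whose base address has host bits set (a common typo).
    net = ipaddress.ip_network(entry, strict=True)
    return net[0], net[-1]

def review_deny_list(deny_entries, must_keep_access):
    """Check planned Deny entries; return a list of (entry, problem) findings."""
    findings, parsed = [], []
    keep = [ipaddress.ip_address(a) for a in must_keep_access]
    for entry in deny_entries:
        try:
            first, last = parse_entry(entry)
        except ValueError as exc:
            findings.append((entry, f"malformed: {exc}"))
            continue
        for addr in keep:  # lockout check
            if addr.version == first.version and first <= addr <= last:
                findings.append((entry, f"would block required source {addr}"))
        for other, (ofirst, olast) in parsed:  # redundant or conflicting entries
            if first.version == ofirst.version and first <= olast and ofirst <= last:
                findings.append((entry, f"overlaps {other}"))
        parsed.append((entry, (first, last)))
    return findings

# Constructed sample data using documentation address ranges (RFC 5737).
DENY = ["203.0.113.10", "203.0.113.64-203.0.113.127", "203.0.113.100",
        "198.51.100.70/26", "198.51.100.200-198.51.100.20"]
KEEP = ["203.0.113.90", "192.0.2.15"]  # e.g. admin workstation, monitoring host

if __name__ == "__main__":
    for entry, problem in review_deny_list(DENY, KEEP):
        print(f"{entry}: {problem}")
```

An empty result means every planned entry parsed cleanly, overlaps nothing else in the list, and leaves the required sources reachable.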