How to filter and block traffic based on geographic location?

Description

Geo-IP Filter allows administrators to block connections coming to or from a geographic location by resolving the public IP address to a particular country. By default, the firewall completes the TCP three-way handshake for any blocked country and then displays the block banner to the end user.

However, some administrators may need to skip this step and block outbound connections to blocked-country IPs outright by dropping the first SYN packet of the TCP connection, in which case the user gets no block message.

Resolution

In the default configuration, the firewall shows the Geo-IP block banner. A user trying to access blocked content gets the block message on their end device, and a firewall packet capture filtered on source IP shows this behavior.

For stricter enforcement that blocks the initial TCP handshake, perform the steps below:


RESOLUTION FOR SONICOS 7.X

1. Navigate to the internal settings page of the SonicWall firewall by entering https://<Mgmt-ip>/sonicui/7/m/Mgmt/settings/diag in the browser.

2. Navigate to GeoIP/Location service

3. Uncheck the option 'Show block page for geoip and botnet filtering'

4. Click Accept at the top.

RESOLUTION FOR SONICOS 6.5

1. Navigate to the internal settings page of the SonicWall firewall by entering https://<mgmt-ip>/diag.html in the browser.

2. Navigate to GeoIP/Location service

3. Uncheck the option 'Show block page for geoip and botnet filtering'

4. Click Accept at the top.

With the above changes, the user now gets an error message instead of the block page, and the firewall shows the initial SYN traffic being dropped.
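
One way to confirm from a client-side capture which of the two behaviors is in effect, as an added example that is not part of the original article: the script reads tcpdump -nn text output and labels each outbound flow by whether its SYN was answered. The sample lines, addresses and the classify function name are constructed for illustration; an unanswered SYN only shows that nothing replied, which any other drop on the path would also produce.

```python
import re
from collections import defaultdict

# Constructed tcpdump -nn style lines (documentation addresses, not a real capture).
# Flow 1: handshake completes (default mode, block page follows).
# Flow 2: SYN retransmitted with no reply (block page option unchecked).
SAMPLE = """\
10:00:00.000001 IP 192.168.168.10.51000 > 203.0.113.5.80: Flags [S], seq 100, win 64240, length 0
10:00:00.020000 IP 203.0.113.5.80 > 192.168.168.10.51000: Flags [S.], seq 900, ack 101, win 65535, length 0
10:00:00.020100 IP 192.168.168.10.51000 > 203.0.113.5.80: Flags [.], ack 901, win 64240, length 0
10:00:05.000000 IP 192.168.168.10.51001 > 198.51.100.7.80: Flags [S], seq 200, win 64240, length 0
10:00:06.000000 IP 192.168.168.10.51001 > 198.51.100.7.80: Flags [S], seq 200, win 64240, length 0
10:00:08.000000 IP 192.168.168.10.51001 > 198.51.100.7.80: Flags [S], seq 200, win 64240, length 0
"""

# src.port > dst.port: Flags [X]  (IPv4 form of tcpdump -nn output)
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")


def classify(capture_text):
    """Return {flow: (verdict, syn_count)} for every client-initiated flow.

    flow is (client_ip, client_port, server_ip, server_port).
    """
    syns = defaultdict(int)   # flow -> number of SYNs sent (1 + retransmits)
    answered = set()          # flows for which a SYN-ACK came back
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if flags == "S":                      # initial SYN or a retransmit
            syns[(src, sport, dst, dport)] += 1
        elif flags == "S.":                   # SYN-ACK, reverse direction
            answered.add((dst, dport, src, sport))
    return {
        flow: ("handshake-completed" if flow in answered else "syn-dropped", n)
        for flow, n in syns.items()
    }


if __name__ == "__main__":
    for flow, (verdict, n) in classify(SAMPLE).items():
        print(f"{flow[0]}:{flow[1]} -> {flow[2]}:{flow[3]}  {verdict}  SYNs={n}")
```
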
