SMA 100: How to block access to the SMA device from specific countries using Geo-IP/Botnet filter
11/05/2021 1,194 People found this article helpful 486,326 Views
Description
To ensure high security, network administrators should allow access to their network only from specific countries. Using Geo-IP and Botnet Filter, they can allow access only for specific countries or continents.
This article explains how the administrator can allow access from specific countries and to block access from specific IP addresses regardless of the countries allowed/blocked.
NOTE: The device should have licenses for "Geo-IP and Botnet filter" to use this feature.
Resolution
Enabling Geo-IP and Botnet Filter.
Step 1: Login to the management interface of the SMA device.
Step 2: Navigate to "Geo-IP & Botnet Filter" and Settings page and configure it as per the below screenshot.
Step 3: Select the check box "Enable Geo IP & Botnet Filter".
Step 4: Select the check box "Enforce Geo IP Policy" to enforce the Geo-IP policies.
Step 5: Select the check box "Enforce Botnet Filter Policy" to enforce Botnet Filter policies. If this is disabled, Botnet IPs will not be blocked, however they will still be detected and included in the Botnet Filter Statistics.
Step 6: Select the check box "Find Geo-IP location for Logs"- When this option is enabled, a column indication the location of the source IP is added to the following screens: End Point Control > Log, Web Application Firewall > Log, Geo IP & Botnet Filter > Log, and Log > Views.
Configuring Geo-IP filtering to allow access only from specific countries.
Step 1: Navigate to "Geo-IP & Botnet Filter" and Policies page and click on Add policy.
Step 2: Go to "Geo IP policy" tab and configure it as per the below screenshot. (In this example, we have allowed access only from American countries).
Step 3: Specify a name for this Geo-IP policy.
Step 4: Select the appropriate check boxes to block access from those countries. You can sort countries by continent, just click the drop-down and select the desired continent, all the countries within that continent will display in the Apply Policy To list. You can also select countries directly from the map.
Step 5: Select the Action as "Deny".
Configuring Botnet Policy to block access from Specific IP address or IP address range.
Step 1: Go to "Botnet policy". Click on Add Botnet Policy.
Step 2: Specify a name for this Botnet Policy.
Step 3: Select the "Apply Policy to" as "IP address" to block only a specific IP address and choose "IP Network" to block a specific network range.
Related Articles
Categories
Was This Article Helpful?
YESNO