- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
SMA 100: How to block access to the SMA device from specific countries using Geo-IP/Botnet filter
11/05/2021 
1,112 People found this article helpful
97,268 Views
Description
To ensure high security, network administrators should allow access to their network only from specific countries. Using Geo-IP and Botnet Filter, they can allow access only for specific countries or continents.
This article explains how the administrator can allow access from specific countries and to block access from specific IP addresses regardless of the countries allowed/blocked.
NOTE: The device should have licenses for "Geo-IP and Botnet filter" to use this feature.
Resolution
Enabling Geo-IP and Botnet Filter.
Step 1: Login to the management interface of the SMA device.
Step 2: Navigate to "Geo-IP & Botnet Filter" and Settings page and configure it as per the below screenshot.
Step 3: Select the check box "Enable Geo IP & Botnet Filter".
Step 4: Select the check box "Enforce Geo IP Policy" to enforce the Geo-IP policies.
Step 5: Select the check box "Enforce Botnet Filter Policy" to enforce Botnet Filter policies. If this is disabled, Botnet IPs will not be blocked, however they will still be detected and included in the Botnet Filter Statistics.
Step 6: Select the check box "Find Geo-IP location for Logs"- When this option is enabled, a column indication the location of the source IP is added to the following screens: End Point Control > Log, Web Application Firewall > Log, Geo IP & Botnet Filter > Log, and Log > Views.
Configuring Geo-IP filtering to allow access only from specific countries.
Step 1: Navigate to "Geo-IP & Botnet Filter" and Policies page and click on Add policy.
Step 2: Go to "Geo IP policy" tab and configure it as per the below screenshot. (In this example, we have allowed access only from American countries).
Step 3: Specify a name for this Geo-IP policy.
Step 4: Select the appropriate check boxes to block access from those countries. You can sort countries by continent, just click the drop-down and select the desired continent, all the countries within that continent will display in the Apply Policy To list. You can also select countries directly from the map.
Step 5: Select the Action as "Deny".
Configuring Botnet Policy to block access from Specific IP address or IP address range.
Step 1: Go to "Botnet policy". Click on Add Botnet Policy.
Step 2: Specify a name for this Botnet Policy.
Step 3: Select the "Apply Policy to" as "IP address" to block only a specific IP address and choose "IP Network" to block a specific network range.
Related Articles
- CT with Device Guard is stuck on Identifying when GVC Client is installed
- SMA1000: CT compatibility with 3rd party VPN clients like GVC, Citrix and Fortinet
- How can I upgrade firmware in SMA 1000 series appliance?
YES
NO