UTM: Using Geo-IP Filtering to block connections coming to or from a geographic location (SW8963)

  • Title

    UTM: Using Geo-IP Filtering to block connections coming to or from a geographic location
  • Resolution

    Article Applies To:

    Gen5: NSA E8500, NSA E7500, NSA E6500, NSA E5500, NSA 5000, NSA 4500, NSA 3500, NSA 2400, NSA 240
    Gen5 TZ Series: TZ 210, TZ 210 Wireless

    Firmware/Software Version: SonicOS Enhanced 5.8.1.x and above versions.
    Services: Geo IP Filtering, Botnet Command & Control Filtering


    Feature/Application:

    Geo-IP Filtering allows the administrator to block connections coming to or from a geographic location. Botnet Command & Control Filtering allows the administrator to block communications to suspected command and control IPs based on the reputation database built by the Sonic GRID research network.

    A new Security Services > Geo-IP & BOTNET Filter page has been added to the management interface, and Geo-IP Blocking is also available from the Dashboard > App Flow Monitor page.

    For this feature to work correctly, the country database must be downloaded to the appliance. The Status indicator turns yellow if this download fails for any reason. Green status means that the download was successful.
     


    Procedure:

    Step 1: Log in to the SonicWALL Management Interface and go to Security Services > Geo-IP & Botnet Filter. At the top of the page, you can select the Block connection to/from Botnet Command and Control Servers checkbox to enable Botnet filtering. Below that, to enable Geo-IP filtering, you can select the Block connections to/from following countries checkbox, and select the checkboxes for the desired countries to block.

    Step 3: Enable the checkbox next to the country you wish to block.

    Step 4: The Geo-IP/Botnet Exclusion Object field allows you to select an Address Object containing IP addresses to exclude from filtering and blocking.
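
    Before enabling country blocking, it helps to check which known-good peers would be caught and therefore belong in the exclusion Address Object. The following is an added example, not SonicWALL code: it models the behaviour described above (excluded addresses bypass the filter, everything else is matched by country), and the prefix-to-country table, country codes and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: documentation prefixes mapped to made-up country codes.
# A real audit would load prefix-to-country data from a Geo-IP database export.
GEO_TABLE = {
    "192.0.2.0/24": "AA",
    "198.51.100.0/24": "BB",
    "198.51.100.128/25": "CC",   # more specific prefix overrides the /24
    "203.0.113.0/24": "CC",
}

def country_of(ip, table=GEO_TABLE):
    """Return the country code for ip using longest-prefix match, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, country in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, country)
    return best[1] if best else None

def audit(peers, blocked_countries, exclusions):
    """Classify each known-good peer as 'allowed', 'excluded' or 'would_block'."""
    excl_nets = [ipaddress.ip_network(e) for e in exclusions]
    result = {}
    for ip in peers:
        addr = ipaddress.ip_address(ip)
        country = country_of(ip)
        if any(addr in n for n in excl_nets):
            # Listed in the exclusion object: never filtered.
            result[ip] = ("excluded", country)
        elif country in blocked_countries:
            # Legitimate peer that the country block would cut off.
            result[ip] = ("would_block", country)
        else:
            result[ip] = ("allowed", country)
    return result

if __name__ == "__main__":
    peers = ["192.0.2.10", "198.51.100.200", "203.0.113.5", "10.0.0.1"]
    report = audit(peers, blocked_countries={"CC"}, exclusions=["203.0.113.5/32"])
    for ip, (status, country) in report.items():
        print(f"{ip:16} {country or '--':3} {status}")
```

    Any peer reported as would_block is a candidate for the exclusion Address Object before the country checkbox is enabled.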

     


    Troubleshooting:

    You can look up an IP address to find out the domain and DNS server, and to check whether it is part of a Botnet. The Security Services > Geo-IP & BOTNET Filter page provides this functionality at the bottom of the page.
     
     
    The System > Diagnostics page also provides this capability.
     

     


     

  • Key Words

    8963


Product(s):
SonicWALL NSA Series
4500, 3500, 2400, 240
SonicWALL E-Class NSA Series
E8500, E7500, E6500, E5500
SonicWALL TZ Series
210W, 210

Topic(s):
Technical Solutions

Article History:
Created on: 7/7/2011
Last Update on: 5/13/2014
