Article Applies To:
Gen5: NSA E8500, NSA E7500, NSA E6500, NSA E5500, NSA 5000, NSA 4500, NSA 3500, NSA 2400, NSA 240
Gen5 TZ Series: TZ 210, TZ 210 Wireless,
Firmware/Software Version: SonicOS Enhanced 5.8.1.x and above versions.
Services: Geo IP Filtering, Botnet Command & Control Filtering
Geo-IP Filtering allows the administrator to block connections coming to or from a geographic location. Botnet Command & Control Filtering allows the administrator to block communications to suspected command and control IPs based on the reputation database built by the Sonic GRID research network.
A new Security Services > Geo-IP & BOTNET Filter page has been added to the management interface and Geo-IP Blocking is also available from the Dashboard > App Flow Monitor page
For this feature to work correctly, the country database must be downloaded to the appliance. The Status indicator turns yellow if this download fails for any reason. Green status means that the download was successful.
Step 1: Login to SonicWALL Management Interface and go to Security Services > Geo-IP & Botnet Filter
Step 2: At the top of the page, you can select the Block connection to/from Botnet Command and Control Servers checkbox to enable Botnet filtering. Below that, to enable Geo-IP filtering, you can select the Block connections to/from following countries checkbox, and select the checkboxes for the desired countries to block.
Step 3: Enable the checkbox next to the country you wish to block.
Step 4: The Geo-IP/Botnet Exclusion Object field allows you to select an Address Object containing IP addresses to exclude from filtering and blocking.
SonicWALL NSA Series
4500, 3500, 2400, 240
SonicWALL E-Class NSA Series
E8500, E7500, E6500, E5500
SonicWALL TZ Series
Created on: 7/7/2011
Last Update on: 5/13/2014