Security Services > Geo-IP Filter

The Geo-IP Filter feature allows you to block connections to or from a geographic location. The Dell/SonicWALL network security appliance uses IP address to determine to the location of the connection.

Topics:
Configuring Geo-IP Filtering
Customizing Web Block Page Settings
Using Geo-IP Filter Diagnostics

Configuring Geo-IP Filtering

To configure Geo-IP Filtering, perform the following steps:
1
Navigate to Security Services > Geo-IP Filter page.

2
To block connections to and from specific countries, select the Block connections to/from countries listed in the table below checkbox. By default, this option is not selected.

If this option is enabled, all connections to/from the selected list of countries are blocked. You can specify an exclusion list to exclude this behavior for selected IPs, as described below in Step 8.

When this option is selected, the next two options become available.

3
Select one of the following two modes for Geo-IP Filtering:
All Connections: All connections to and from the firewall are filtered. This option is enabled by default.
Firewall Rule-Based Connections: Only connections that match an access rule configured on the firewall are filtered for blocking.
4
To block all connections to public IPs when the Geo-IP database is not downloaded, select the Block all connections to public IPs if GeoIP DB is not downloaded option. This option is not selected by default.
5
To log Geo-IP Filter-related events, select Enable logging. This option is not selected by default.
6
Under Countries, in the Blocked Country table, select the countries to be blocked.

* 
TIP: Selecting the checkbox at the top of the table selects all countries, and then you can select countries to be excluded from blocking by deselecting them.
7
If you want to block any countries that are not listed, select the Block All UNKNOWN countries option. All connections to unknown public IPs are blocked.
8
Optionally, you can configure an exclusion list of all connections to approved IP addresses by doing one of these:
Select an address object or address group from the Geo-IP Exclusion Object drop-down menu or create. The default is Default Geo-IP and Botnet Exclusion Group.
Create a new address object or address group by selecting Create new address object… or Create new address group… from the Geo-IP Exclusion Object drop-down menu.

The Geo-IP Exclusion Object is a network address object group that specifies a group or a range of IP addresses to be excluded from the Geo-IP filter blocking. All IP addresses in the address object or group will be allowed, even if they are from a blocked country.

For example, if all IP addresses coming from Country A are set to be blocked and an IP address from Country A is detected, but it is in the Geo-IP Exclusion Object list, then traffic to and from this IP address will be allowed to pass.

For this feature to work correctly, the country database must be downloaded to the appliance. The Status indicator at the top right of the page turns yellow if this download fails. Green status indicates that the database has been successfully downloaded. Click the Status button to display more information.

For the country database to be downloaded, the appliance must be able to resolve the address, geodnsd.global.sonicwall.com.

When a user attempts to access a web page that is from a blocked country, a block page is displayed on the user’s web browser.

* 
NOTE: If a connection to a blocked country is short-lived and the firewall does not have a cache for the IP address, then the connection may not be blocked immediately. As a result, connections to blocked countries may occasionally appear in the App Flow Monitor. However, additional connections to the same IP address are blocked immediately.
9
Click the Accept button at the top of the page to enable your changes.