Security Services > Geo-IP Filter

The Geo-IP Filter feature allows you to block connections to or from a geographic location. The Dell/SonicWALL network security appliance uses IP address to determine to the location of the connection.

NOTE: Geo-IP filtering is supported on TZ300 and higher appliances.

Topics:

•	Configuring Geo-IP Filtering

•	Customizing Web Block Page Settings

•	Using Geo-IP Filter Diagnostics

Configuring Geo-IP Filtering

To configure Geo-IP Filtering, perform the following steps:

1	Navigate to Security Services > Geo-IP Filter page.

 

2

To block connections to and from specific countries, select the Block connections to/from countries listed in the table below option. If this option is enabled, all connections to/from the selected list of countries will be blocked. You can specify an exclusion list to exclude this behavior for selected IPs, as described below in <Blue XRef>8.

3	Select one of the following two modes for Geo-IP Filtering:

•	All Connections: All connections to and from the firewall are filtered. This option is enabled by default.

•	Firewall Rule-Based Connections: Only connections that match an access rule configured on the firewall are filtered for blocking.

4	If you want to block all connections to public IPs when the Geo-IP database is not downloaded, select the Block all connections to public IPs if GeoIP DB is not downloaded option.

5	To log Geo-IP Filter-related events, select Enable logging.

6	Under Countries, in the Blocked Country table, select the countries to be blocked. Clicking the checkbox at the top of the table selects all countries, and then you can select countries to be excluded from blocking by deselecting them.

7	If you want to block any countries that are not listed, select the Block ALL UNKNOWN countries option. All connections to unknown public IPs will be blocked.

8	Optionally, you can configure an exclusion list of all connections to approved IP addresses by doing one of these:

•	Select an address object or address group from the Geo-IP Exclusion Object drop-down menu or create.

•	Create a new address object or address group by selecting Create new address object… or Create new address group… from the Geo-IP Exclusion Object drop-down menu.

The Geo-IP Exclusion Object is a network address object group that specifies a group or a range of IP addresses to be excluded from the Geo-IP filter blocking. All IP addresses in the address object or group will be allowed, even if they are from a blocked country.

For example, if all IP addresses coming from Country A are set to be blocked and an IP address from Country A is detected, but it is in the Geo-IP Exclusion Object list, then traffic to and from this IP address will be allowed to pass.

For this feature to work correctly, the country database must be downloaded to the appliance. The Status indicator at the top right of the page turns yellow if this download fails. Green status indicates that the database has been successfully downloaded. Click the Status button to display more information.

For the country database to be downloaded, the appliance must be able to resolve the address, geodnsd.global.sonicwall.com.

When a user attempts to access a web page that is from a blocked country, a block page is displayed on the user’s web browser.

NOTE: If a connection to a blocked country is short-lived and the firewall does not have a cache for the IP address, then the connection may not be blocked immediately. As a result, connections to blocked countries may occasionally appear in the App Flow Monitor. However, additional connections to the same IP address will be blocked immediately.

9	Click the Accept button at the top of the page to enable your changes.