Security_Services_GeoIP

Security Services > Geo-IP and Botnet Filter

The Geo-IP and Botnet Filtering feature allows administrators to block connections to or from a geographic location based on IP address, and to or from Botnet command and control servers.

To configure Geo-IP and Botnet filtering, perform the following steps:

  1. Enable Block connections to/from Botnet Command and Control Servers to block all servers that are designated as Botnet servers. Use the exclusion list below to exclude approved IP addresses.
  2. Enable Block connections to/from following countries to block all connections to and from specific countries.
  3. Select the countries to be blocked in the table.
  4. Optionally, you can configure an exclusion list to allow all connections to approved IP addresses. To do so, go to the Geo-IP/Botnet Exclusion Object pull-down menu and select an address object or address group.

For this feature to work correctly, the country database must be downloaded to the appliance. The Status indicator at the top right of the page turns yellow if this download fails. Green status indicates that the database has been successfully downloaded. Click the Status button to display more information.

For the country database to be downloaded, the appliance must be able to resolve the address "geodnsd.global.sonicwall.com".

When a page is blocked and the connection is an HTTP GET, a block page appears on the client machine.
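
How the four settings in the configuration steps above interact, as an added Python model that is not SonicWall code: the country table, botnet list and addresses are constructed samples, and the evaluation order and the rule that an exclusion applies to either endpoint are assumptions. It shows that an address covered by the exclusion object bypasses the botnet block as well as the country block, which is the case to review when auditing exclusions.

```python
import ipaddress

# Constructed sample data (documentation address ranges). A real appliance
# uses its downloaded country database and botnet list instead.
GEO_DB = {"198.51.100.0/24": "Country A", "203.0.113.0/24": "Country B"}
BOTNET_SERVERS = {"203.0.113.66"}

POLICY = {
    "block_botnet": True,                # step 1
    "block_countries": True,             # step 2
    "blocked_countries": {"Country B"},  # step 3
    "exclusions": ["203.0.113.64/28"],   # step 4: exclusion address object
}

def country_of(ip):
    """Look up the country for an address in the sample table, or None."""
    addr = ipaddress.ip_address(ip)
    for prefix, country in GEO_DB.items():
        if addr in ipaddress.ip_network(prefix):
            return country
    return None

def is_excluded(ip, policy):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in policy["exclusions"])

def verdict(src, dst, policy=POLICY):
    """Return (action, reason, address) for one connection.

    Assumed order: either endpoint can trigger a block; an endpoint in the
    exclusion object is skipped, but the skipped match is still reported.
    """
    overridden = None
    for ip in (src, dst):
        if policy["block_botnet"] and ip in BOTNET_SERVERS:
            hit = "botnet"
        elif policy["block_countries"] and country_of(ip) in policy["blocked_countries"]:
            hit = "country"
        else:
            continue
        if not is_excluded(ip, policy):
            return ("block", hit, ip)
        overridden = ("allow", "excluded-" + hit, ip)
    return overridden or ("allow", "no-match", None)

if __name__ == "__main__":
    for src, dst in [("10.0.0.5", "203.0.113.10"), ("10.0.0.5", "203.0.113.66"),
                     ("10.0.0.5", "198.51.100.7")]:
        print(src, "->", dst, verdict(src, dst))
```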

Checking Geographic Location and Botnet Server Status

The Geo-IP and Botnet filter also provides the ability to look up IP addresses to determine the domain name, DNS server, the country of origin, and whether or not it is classified as a Botnet server. To do so, perform the following steps:

  1. Scroll to the bottom of the Security Services > Geo-IP & Botnet Filter page.
  2. Enter the IP address in the Lookup IP field and click Go.

Details on the IP address are displayed below the Result heading.

Note: This Geo Location and Botnet Server status tool can also be accessed from the System > Diagnostics page.