Security_Services_GeoIP
Security Services > Geo-IP and Botnet Filter
The Geo-IP and Botnet Filtering feature allows administrators to block connections to or from a geographic location based on IP address, and to or from Botnet command and control servers.
To configure Geo-IP and Botnet filtering, perform the following steps:
For this feature to work correctly, the country database must be downloaded to the appliance. The Status indicator at the top right of the page turns yellow if this download fails. Green status indicates that the database has been successfully downloaded. Click the Status button to display more information.
In order for the country databaes to be downloaded, the appliance must be able to resolve the address, "geodnsd.global.sonicwall.com".
When a page is blocked and the connection happens to be an HTTP GET, then a block page appears on the client machine.
Checking Geographic Location and Botnet Server Status
The Geo-IP and Botnet filter also provides the ability to look up IP addresses to detmerine the domain name, DNS server, the country of origin, and whether or not it is classified as a Botnet server. To do so, perform the following steps:
Details on the IP address are displayed below the Result heading.
Note: This Geo Location and Botnet Server status tool can also be accessed from the System > Diagnostics page.