Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 11 replies
  • Answers 1 answer
  • Subscribers 42 subscribers
  • Views 13184 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to configure geographical blocking in a SOPHOS XG firewall

JohnVickers

With all the global turmoil we have a desire to block traffic from bad actor countries. Such as China, North Korea, Iran and so forth. Is there a way to do this in the XG firewall?  



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    yes there is using the predefined country groups. In the GUI - Hosts and Services - Country Groups. You set up an incoming reject rule at the top of your rule list and either select the countries or create your own policy group of countries.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v20.0.2 MR-2

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Thank you,

    When creating a new rule I don't see where you can select countries.

     

    John

  • +1 in reply to JohnVickers

    Hi John,

    So have a look in the rule configuration under source and destination networks, you may need to change the filter from all so you can see them if you want to look at the list. However, you should just be able to type the country or region name.

    So depending on your rule base you can either allow traffic to or from specific countries or more generally allow traffic and block traffic to or from specific countries.

    Hope that helps

  • +1 in reply to JohnVickers

    Hi John,

    you select Source WAN -> then ZONE scroll down countries.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v20.0.2 MR-2

    If a post solves your question please use the 'Verify Answer' button.

Reply Children
Unfiltered HTML