Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to configure geographical blocking in a SOPHOS XG firewall

With all the global turmoil we have a desire to block traffic from bad actor countries. Such as China, North Korea, Iran and so forth. Is there a way to do this in the XG firewall?  



This thread was automatically locked due to age.
Parents
  • Hi,

    yes there is using the predefined country groups. In the GUI - Hosts and Services - Country Groups. You set up an incoming reject rule at the top of your rule list and either select the countries or create your own policy group of countries.

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Thank you,

    When creating a new rule I don't see where you can select countries.

     

    John

  • Hi John,

    So have a look in the rule configuration under source and destination networks, you may need to change the filter from all so you can see them if you want to look at the list. However, you should just be able to type the country or region name.

    So depending on your rule base you can either allow traffic to or from specific countries or more generally allow traffic and block traffic to or from specific countries.

    Hope that helps

  • Hi John,

    you select Source WAN -> then ZONE scroll down countries.

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

Reply Children