This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to configure geographical blocking in a SOPHOS XG firewall

With all the global turmoil we have a desire to block traffic from bad actor countries. Such as China, North Korea, Iran and so forth. Is there a way to do this in the XG firewall?

This thread was automatically locked due to age.

Parents

0 rfcat_vk over 4 years ago

Hi,

yes there is using the predefined country groups. In the GUI - Hosts and Services - Country Groups. You set up an incoming reject rule at the top of your rule list and either select the countries or create your own policy group of countries.

Ian

XG115W - v20.0.2 MR-2 - Home

XG on VM 8 - v20.0.2 MR-2

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Peter-Paul Gras over 4 years ago in reply to rfcat_vk

Out of curiosity: why use a reject rule in stead of a drop rule?

I'd rather not give any response to these 'attackers'.

SFVH (SFOS 20.0.0 GA-Build222) - Last (re)boot on November 6th 2023

Asus H410i-plus - Pentium 6605 Gold - 250GB M.2 PCIe NVMe SSD - 8GB - 3 ports

[If any of my posts are helpful to you please use the 'Verify Answer' link]
Cancel
Vote Up 0 Vote Down

Cancel
0 JohnVickers over 4 years ago in reply to Peter-Paul Gras

Only because someone suggested it.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 JohnVickers over 4 years ago in reply to Peter-Paul Gras

Only because someone suggested it.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 rfcat_vk over 4 years ago in reply to JohnVickers

I suggested it, but I agree with your suggestion.

One thing to watch while trying to block bad countries is that not all bad sites even with country suffix are based in their home country from my experience a number use the Amazon servers.

Ian

XG115W - v20.0.2 MR-2 - Home

XG on VM 8 - v20.0.2 MR-2

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Peter-Paul Gras over 4 years ago in reply to rfcat_vk

Thank you for clearing that up.

SFVH (SFOS 20.0.0 GA-Build222) - Last (re)boot on November 6th 2023

Asus H410i-plus - Pentium 6605 Gold - 250GB M.2 PCIe NVMe SSD - 8GB - 3 ports

[If any of my posts are helpful to you please use the 'Verify Answer' link]
Cancel
Vote Up 0 Vote Down

Cancel
0 JohnVickers over 4 years ago in reply to rfcat_vk

Lan,

I agree but its all about baby steps and we never do business out side the country so why not block.

Thank you for the assistance.
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 4 years ago in reply to JohnVickers

Hi John,

you will be surprised how many sites get blocked which in most situations don't matter but some do even though you think they are locally based.

Ian

XG115W - v20.0.2 MR-2 - Home

XG on VM 8 - v20.0.2 MR-2

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel