How to configure geographical blocking in a SOPHOS XG firewall

Hi,

yes there is using the predefined country groups. In the GUI - Hosts and Services - Country Groups. You set up an incoming reject rule at the top of your rule list and either select the countries or create your own policy group of countries.

Ian

Thank you,

When creating a new rule I don't see where you can select countries.

John

Hi John,

So have a look in the rule configuration under source and destination networks, you may need to change the filter from all so you can see them if you want to look at the list. However, you should just be able to type the country or region name.

So depending on your rule base you can either allow traffic to or from specific countries or more generally allow traffic and block traffic to or from specific countries.

Hope that helps

Hi John,

you select Source WAN -> then ZONE scroll down countries.

Ian

Got it thank you.

Is there any reason not to set it up like?

Out of curiosity: why use a reject rule in stead of a drop rule?

I'd rather not give any response to these 'attackers'.

Only because someone suggested it.

I suggested it, but I agree with your suggestion.

One thing to watch while trying to block bad countries is that not all bad sites even with country suffix are based in their home country from my experience a number use the Amazon servers.

Ian

Thank you for clearing that up.

Lan,

I agree but its all about baby steps and we never do business out side the country so why not block.

Thank you for the assistance.