Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 8 replies
  • Subscribers 39 subscribers
  • Views 733 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to forward the traffic from all destination IP belong to 1 country

Eric Cai

Hi There,

our firewall have 2 ISP network, if I want to forward the network traffic of  all destination IP that is the range of china IP address to the china telecom this ISP , is that possible ? if so, how can i identify this destination ip is in china in the firewall ? hope my statement  make sense, thank you so much for your help.

Best Regards,
Eric



This thread was automatically locked due to age.
  • 0

    Hi

    You can achieve this using an SD-WAN Policy Route. Have a look at this guide for more information.

    Essentially you can indicate your destination network (range of China IP addresses) and specify your primary gateway to be China telecom.

    Karlos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.
  • 0 in reply to Karlos

    Hi Karlos,

    Thanks so much for the support, i got  a china address list from our china telecom, is it possible to import this list in the IP range one time ? I expect i do not type and create them one by one , below is part of the list , full list is quite long, thank you!

    1.0.1.0/24
1.0.2.0/23
1.0.8.0/21
1.0.32.0/19
1.1.0.0/24
1.1.2.0/23
1.1.4.0/22
1.1.8.0/21
1.1.16.0/20
1.1.32.0/19
1.2.0.0/23
1.2.2.0/24
1.2.4.0/22
1.2.8.0/21
1.2.16.0/20
1.2.32.0/19
1.2.64.0/18
1.3.0.0/16
1.4.1.0/24
1.4.2.0/23
1.4.4.0/22
1.4.8.0/21
1.4.16.0/20
1.4.32.0/19
1.4.64.0/18
1.8.0.0/16
1.10.0.0/21
1.10.8.0/23
1.10.11.0/24
1.10.12.0/22
1.10.16.0/20
1.10.32.0/19
1.10.64.0/18
1.12.0.0/14
1.24.0.0/13
1.45.0.0/16
1.48.0.0/14
1.56.0.0/13
1.68.0.0/14
1.80.0.0/12
1.116.0.0/14
1.180.0.0/14
1.184.0.0/15
1.188.0.0/14
1.192.0.0/13
1.202.0.0/15
1.204.0.0/14
14.0.0.0/21
14.0.12.0/22
14.1.0.0/22
14.1.24.0/22
14.1.96.0/22
14.1.108.0/22
14.16.0.0/12
14.102.128.0/22
14.102.156.0/22
14.102.180.0/22
14.103.0.0/16
14.104.0.0/13
14.112.0.0/12
14.130.0.0/15
14.134.0.0/15
14.144.0.0/12
14.192.60.0/22

    Best Regards,
    Eric

  • 0 in reply to Eric Cai

    Why not try the country list in goeip for China.

    ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Thanks Ian, can you teach me how to get the china country IP list in Goeip in detail ? please also help to create this access list in firewall, I do not want to type the IP List one by one, it is quite time consuming. 

    Best Regards,

    Eric

  • 0 in reply to Eric Cai

    Hi Eric,

    something like this source lan, network internal network destination wan, network China from drop down list.

    then what ever functions you need from there to complete the rule.

    ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Hi Ian,

    After I get the IP address list ? is there a  easy way to create the destination network base on this way ? before i create the network object one by one, it is ok for 2 or 3 IP address, but for 600 or more IP address, i can not do that like before.

    Thank you!

    Best Regards,

    Eric

  • 0 in reply to Eric Cai

    Hi Eric,

    the geoip table in XG will contain most of if not all the Chinese ip addresses and you should not need to add any. If you find there are some missing you can submit an update request.

    ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Thanks Ian, I got it now.

Unfiltered HTML