This discussion has been locked.

country blocking - block all then add exceptions??

New to Sophos UTM. Is it doable and would it make sense/work to block "from" all countries and have exception allowing from my own country for IPSec VPN and Webadmin services (for Any IP), which is the only traffic I would like to accept?

I'm assuming blocking traffic "from" a country is about blocking calls initiated by that country, i.e. it wouldn't block the *response* to a call initiated from my allowed country to the blocked country. Is that true?

Unit is remote right now and I fear testing my theories could result in my losing access to the remote device and the people at that site losing all internet access...



  • As said by Bob, the country blocking rules work in this way.
    I mean this is the right approach to prevent access from all over the world. Use "from" as option.
    In order not to prevent my own VPN and web access, I exclude my own country completely.
    As Bob said, "any" should not be the source in the WebAdmin. Better use your own IP or a DynDNS host.
    If you receive mail, don't forget to build an exception.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Ok, I've blocked "from" all countries except mine, and made a handful of them "all" so no one / no software can even go there, and put in exclusion for IPSec Group, my WebAdmin port (which I changed from 4444), for only my DynDNS host.

    Works as expected so far. Or at least I'm not being prevented from administering unit remotely, and the internet is working for folks at remote site.

    Thanks.

  • Great.

    You should see blocked connection attempts within firewall live log.


    Dirk


  • Interesting. While country blocking is a firewall rule, I can't tell in firewall logs what country the call is from/to but I can see it in web filtering logs.

    I actually monitor things using Fastvue Sophos Reporter, which I'm generally impressed with so far (still in trial period) - it takes data from web filtering logs so works fine for reporting country blocking (after I got a tip to get there from their support folks)
