This video is a basic overview of how to setup SonicWall GeoIP filter. SPI-SSL video: • How to configure Sonic... SSL-VPN video: • How to configure Sonic...
yes, this service is great, but i can't block all countries and only allow one or two for a given access rule. it selects the countries completely at random, is this a bug? As an example i select block all countries and after saving 5 countries are blocked. if i then add 10 more 9 are blocked and so on. I did not have this problem with my old TZ350
I would need to check (it’s Sunday morning and I’m sipping my coffee :-) ) But I think an access rule would exist from wan to wan to allow management of the firewall. So simply apply geo ip to it. Let me know :-)
While this is one method for blocking on Geography, is there a better method for being able to import a list of IP addresses you want to block from the WAN? I have 500+ addresses in my log that are frequently trying to bust in through SMTP. Even though I have a few entire countries blocked (like Russia, Iran, etc) these jerks keep coming at us. Its impractical for me to manually add them one by one, or even in small ranges like .1 to .255 of a network. I would like to be able to extract those addresses from the log (which I can do easily), them import them to a ban list on the Sonic Wall as Address Objects that could sit in an Address Group (called Blocked). But I cannot find a process or knowledge base article that describes such an ability.
That could require some coding to collect IP you feel are offenders, then you can push them to the firewall using this: www.sonicwall.com/support/knowledge-base/how-do-i-setup-and-use-the-threat-api-feature-on-my-firewall/171120113244716/
@@JeanPierTalbot Hi. Thank you for the reply. I read that article but it wasn't quite the match to our unit (a TZ470). But with that info I was able to find my way through Google to another which almost matches the OS on the model we use for how to enable the API, and how to then import addresses. And it would seem you can only import A host, not a network range . That is unfortunate, because I would prefer to setup small ranges of blocked IPs that envelope the actual offending IP plus a few dozen IPs on either side of it using this import method. But for others who find this, here is the article that more closely matched the process for the newer OS on newer sonic walls. www.sonicwall.com/support/knowledge-base/adding-multiple-address-objects-using-sonicos-api/200524131217347/
ALSO note - the login URI is CASE SENSITIVE. While the examples in many SonicWall knowledge base articles for using Git Bash refer to a URI that ends in "/api/SonicOS/auth" you must make all the text lower case ( /api/sonicos/auth ) or it will tell you the path was not found.
Grrrr. Problems remain - there seems to be no way to log on the API in Config mode. Searched multiple articles, nothing lists a command line switch that can be used in Curl to do this.!
hey JP, is there a list somewhere online that I can get all the Countries that are available on Geo-IP ? we need that to let C level mgmt decide what to block and not block. thanks pal!
Very good idea! I did a quick googling and didn’t find a list. Then I would suggest to show off your MS Paint skills and do a few cut and past from the UI :-)
@@JeanPierTalbot I’ve got it! I blocked all except USA then through cli I copied the geo-ip to notepad and removed block off of it. I been trying to learn slowly SonicWall cli. The “commit” when jumping to another section seems to be what gets me but rinse and repeat is making me remember. Thanks JP for your time!
Hi i have an issue on geo-ip there is an ip address is saying that belongs to country which is not and i am being blocked how can i update this ip address to the relevant country and to give access or exclude this ip it will be appreciated with your help
Sure! In géo ip you have a field to enter ip addresses and manually specify in which country you want them to belong. I believe I show it in the video.
Just found your content and I love what I have seen so far. Keep up the great video's and I will start sharing with others.
Thanks!
Your videos have been very helpful. Thank you!
yes, this service is great, but i can't block all countries and only allow one or two for a given access rule.
it selects the countries completely at random, is this a bug? As an example i select block all countries and after saving 5 countries are blocked. if i then add 10 more 9 are blocked and so on. I did not have this problem with my old TZ350
Were can look for WAN dropped traffic? So basic on my Fortinet gear as "Local Traffic" or WatchGuard, Sophos etc. TZ270 cannot find anything? help
Hello, you need to turn on “dropped packet” under tcp, udp and icmp in log setting
If management is enabled on x1 is there an option to set Geo-IP filtering to block admin access form :example Cuba?
I would need to check (it’s Sunday morning and I’m sipping my coffee :-) )
But I think an access rule would exist from wan to wan to allow management of the firewall. So simply apply geo ip to it. Let me know :-)
@@JeanPierTalbot Yes this is working great, thanks :).
While this is one method for blocking on Geography, is there a better method for being able to import a list of IP addresses you want to block from the WAN? I have 500+ addresses in my log that are frequently trying to bust in through SMTP. Even though I have a few entire countries blocked (like Russia, Iran, etc) these jerks keep coming at us. Its impractical for me to manually add them one by one, or even in small ranges like .1 to .255 of a network. I would like to be able to extract those addresses from the log (which I can do easily), them import them to a ban list on the Sonic Wall as Address Objects that could sit in an Address Group (called Blocked). But I cannot find a process or knowledge base article that describes such an ability.
That could require some coding to collect IP you feel are offenders, then you can push them to the firewall using this:
www.sonicwall.com/support/knowledge-base/how-do-i-setup-and-use-the-threat-api-feature-on-my-firewall/171120113244716/
@@JeanPierTalbot Hi. Thank you for the reply. I read that article but it wasn't quite the match to our unit (a TZ470). But with that info I was able to find my way through Google to another which almost matches the OS on the model we use for how to enable the API, and how to then import addresses. And it would seem you can only import A host, not a network range . That is unfortunate, because I would prefer to setup small ranges of blocked IPs that envelope the actual offending IP plus a few dozen IPs on either side of it using this import method. But for others who find this, here is the article that more closely matched the process for the newer OS on newer sonic walls.
www.sonicwall.com/support/knowledge-base/adding-multiple-address-objects-using-sonicos-api/200524131217347/
ALSO note - the login URI is CASE SENSITIVE. While the examples in many SonicWall knowledge base articles for using Git Bash refer to a URI that ends in "/api/SonicOS/auth" you must make all the text lower case ( /api/sonicos/auth ) or it will tell you the path was not found.
Grrrr. Problems remain - there seems to be no way to log on the API in Config mode. Searched multiple articles, nothing lists a command line switch that can be used in Curl to do this.!
Hello! is there a way to allow a specific user If they are trying to connect via a geo-blocked country?
Pretty sure not. To allow a user you fist need to allow an ip to authenticate which geoip will deny
hey JP, is there a list somewhere online that I can get all the Countries that are available on Geo-IP ? we need that to let C level mgmt decide what to block and not block. thanks pal!
Very good idea!
I did a quick googling and didn’t find a list. Then I would suggest to show off your MS Paint skills and do a few cut and past from the UI :-)
@@JeanPierTalbot I’ve got it! I blocked all except USA then through cli I copied the geo-ip to notepad and removed block off of it.
I been trying to learn slowly SonicWall cli. The “commit” when jumping to another section seems to be what gets me but rinse and repeat is making me remember. Thanks JP for your time!
Hi i have an issue on geo-ip there is an ip address is saying that belongs to country which is not and i am being blocked how can i update this ip address to the relevant country and to give access or exclude this ip it will be appreciated with your help
Sure! In géo ip you have a field to enter ip addresses and manually specify in which country you want them to belong. I believe I show it in the video.
Sry i have a TZ370 now