Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 27 subscribers
  • Views 7912 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG Geo-Blocking - Does it work?

Shane Arnfield

Hello,

I am new to Sophos Appliances and struggling with so many different Bugs that I'm discovering!

In particular, a major purpose of using Sophos was to provide a method to Geo-Block certain Countries.  Despite hours of searching forums and various different configurations, it appears this simply does not work on Sophos.  Is this true?

The Firmware is SFOS 17.0.8 MR-8

Does anyone have a definitive answer to this simple requirement?

Thank you in advance for any assistance.

 



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    what particular part of country blocking are you seeing that is failing? Previous answers from Sophos support have shown that IP addressing is blocked based on GEO IP based data services.

    If it is URL based then no it does not work because I have traced .ru sites to the US and Ireland. I have also found Australian and US government NTP sites as being blocked by the GEO blocking as the sites being in China.

    Ian

  • 0 in reply to rfcat_vk

    Thank you for your reply.  Specifically I am not seeing anything being blocked!

    I am running a number of Servers plus a POP3 Email Server which are regularly being hit by log-in attempts from China and alike.  Since enabling GeoBlocking nothing has changed.  I can see from my own Security Logs (and GlassWire) that log-in attempts and Email Server hacking are still occurring from the designated regions.

    Surely the whole idea of GeoBlocking is that the UTM Appliance should not be passing these packets through?!?!

    I included a couple of screen-shots with my original message to show that "0 B" have been dropped by this Rule.

    Any suggestions?

Reply
  • 0 in reply to rfcat_vk

    Thank you for your reply.  Specifically I am not seeing anything being blocked!

    I am running a number of Servers plus a POP3 Email Server which are regularly being hit by log-in attempts from China and alike.  Since enabling GeoBlocking nothing has changed.  I can see from my own Security Logs (and GlassWire) that log-in attempts and Email Server hacking are still occurring from the designated regions.

    Surely the whole idea of GeoBlocking is that the UTM Appliance should not be passing these packets through?!?!

    I included a couple of screen-shots with my original message to show that "0 B" have been dropped by this Rule.

    Any suggestions?

Children