Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 7 replies
  • Answers 1 answer
  • Subscribers 29 subscribers
  • Views 699 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

FW19 country blocking

weissnix

Hello,

i create a firewall rule with this manuel

https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/RulesAndPolicies/FirewallRules/FirewallRulesCountryBasedRuleCreate/index.html

but they doesn´t work.

regards

Andreas



This thread was automatically locked due to age.
  • 0

    Hello ,

    Thank you for reaching out to the community, can you please share the Firewall logs from the log viewer ?

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0

    messageid="16001" log_type="Content Filtering" log_component="HTTP" log_subtype="Allowed" fw_rule_id="5" fw_rule_name="#Default_Network_Policy" fw_rule_section="Local rule" user="" user_group="" web_policy_id="12" web_policy="Default Policy" category="Portal Sites" category_type="Unproductive" url="https://www.rambler.ru" content_type="" override_token="" src_ip="192.168.1.104" dst_ip="81.19.82.98" protocol="TCP" src_port="62370" dst_port="443" bytes_sent="4447" bytes_received="82440" domain="www.rambler.ru" exception="" activity_name="" reason="" user_agent="" status_code="0" transaction_id="" referer="" download_file_name="" download_file_type="" upload_file_name="" upload_file_type="" con_id="3316794944" app_name="" app_is_cloud="0" override_name="" override_authorizer="" used_quota="0"

  • 0 in reply to weissnix

    Is the country blocking rule you created on the top of the fw rules list ?
    Which source countries have you tried to block ?
    Can you provide us a screenshot of the FW rules and the FW log viewer if the country blocking rule is getting detected ?

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Vivek Jagad

    country blocking rule is the top of the fw rules!

    sorry, "log viewer if the country blocking rule"

    where can I find that? ...
    logging is turned on
  • 0 in reply to weissnix

    Hello

    So the action you kept is "reject," right? I do not understand the source zone and destination zone as well as the destination network? Can you translate ?

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to weissnix

    You are blocking something coming from those countries to your Firewall.

    Your Log entry is from the Webproxy Log, means some client in your network is actively opening a website. For this you need to block those Countries in the destination. You need a new firewall rule to block everything from your LAN to those countries as well. 

    __________________________________________________________________________________________________________________

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML