WAF Restrict traffic from WAN

Question

Hello There. 
 Are there any information when SOPHOS will improve WAF option on its iwn devices? 
 Why we dont have such basic option to limit source traffic from WAN only for specific country? 
 So far we can only do IPs..

LuCar Toni · Accepted Answer

You could use a Blackhole DNAT. Works exactly like you want. 
 See: https://support.sophos.com/support/s/article/KB-000042367?language=en_US

Vivek Jagad · Answer

Hello Regex , Thank you for reaching out to the community, as of now only we can only specify the IP addresses and networks that can connect to the hosted web server. As of now it would be FR [Feature Request], I'd recommend you to reach out to your Account manager, Sales Engineer, or Sales Representative so that they can enter this request into our system. 
 Additionally, you can use the in-product feedback in the Sophos Firewall located in the Top Menu Bar.

LuCar Toni · Answer

This should not be a Problem. Reason is, you want to drop the traffic, if the firewall rule not applied, it will be dropped, if the rule does apply, it will be dropped. The outcome is the same. Only logging would not be there, if the firewall does not apply. So if you see drops in your logviewer by your Blackhole Rule, you are fine.

__________________________________________________________________________________________________________________

Regex · Answer

Can you also explain why after setup BlackHole DNAT rule i cant see "Web server protection" logs anymore? I guess its cuz it catches in "block country" FW rule where NAS is linked.?

EDIT:
So actually there was no need to create BlackHole NAT rules cuz it was only enought to just limit source in exristing DNAT WAF policy. But you loose WAF logs for that particular traffic as it will not catch into waf policy... pity

__________SETUP___________

HP Small Form Factor: i5 4Cores, 8Gb of RAM.
Intel Network Card 5x Eth
SSD: 256Gb

WAF Restrict traffic from WAN

Top Replies