Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 2 subscribers
  • Views 2198 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Country Blocking - Is it before the firewall, or part of it?

eganders_01
1. Where do Country Blocking and Country Blocking Exceptions come in the firewall order of things - or are they at the "same" level?

2. Can you use Country Blocking to block a country, and but allow a few selected IP's from that country through (by defining them on the firewall page)?


This thread was automatically locked due to age.
  • 0
    There was an error in V9 until it was fixed in 9.006-5; the SMTP Proxy came before Country Blocking.  In V8 and current V9, Country Blocking occurs before all proxies, so that means it comes before manual Firewall rules.  I haven't tested whether it comes before DNAT rules, so I hope someone that knows sees your thread!

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0

    2. Can you use Country Blocking to block a country, and but allow a few selected IP's from that country through (by defining them on the firewall page)?


    Hi, I believe an 'exceptions' system has been added to the country-blocking in 9.1, but I haven't tried it.
    Note 9.1 still has some issues.

    Barry
  • 0
    like Bob said,  in earlier  versions the Smtp was excluded from country  blocking.
    In the last version (9.1 and beta) after "feature requests" from users, Country Blocking stands before anything (not tested for vpn).
    And yes you can block for incoming, outgoing or all requests and make exceptions for specific IP
  • 0 in reply to BarryG
    Note 9.1 still has some issues.

    With Country Blocking?  

    It doesn't block something it should?  I could maybe live with that until it's fixed.

    OR

    It blocks something it shouldn't?  Now that could be a serious problem.
  • 0
    Hi,
    I was referring to 9.1's other issues, of which there seem to be at least a few severe ones (IPS and/or HTTP proxy high memory/swap usage, etc.).

    There's a thread at
    https://community.sophos.com/products/unified-threat-management/astaroorg/f/52/t/28917

    Barry
  • 0 in reply to BarryG
     . . . I was referring to 9.1's other issues . . .


    Got it.  Thanks Barry.
Cookie Information Banner