Country blocking exception still not working ?

Hi all,

An experience with the Microsoft support scam (fake) caused me to dive into region/country blocking.

I block an entire region, e.g. Asia, and want to allow traffic from my PC for DNS host nexus.officeapps.live.com.

No matter if I choose 'All Regions' or a specific country combined with the DNS host (and any service), traffic is still blocked.

Am I right that if I choose 'All Regions' and do not select any country, the skip action would effectively only look at DNS host (and service)?

 

Thanx Jaap



This thread was automatically locked due to age.
  • Hi,

    Sorry. Forgot to mention it:

    Sophos UTM Home Edition

    Version 9.411-3

     

    Greetz Jaap

  • The main problem with country blocking (and the UTM version does work) is that the scamming countries can have a .ru or .vn suffix but be using a US-based server, so country blocking will fail every time.

    Country blocking is really only good for those that play fair, which does not describe the bad guys. So you also need to look at suffix blocking for your mail and websites.

    These are the trade-offs if you want to implement real security.

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • Hi, thanx again :)

    I'm fully aware of the limitations of country blocking. It is just one in a row of security measures.

    But I am just surprised that this option doesn't work properly.

    And, searching the forum on this subject, already for several years.

    Greetz Jaap

  • Country blocking works as designed, using the assigned IP address ranges.

    What you are looking for is country blocking based on suffix (wrong term but it will do), which you can set up yourself, but it requires it to be done for each proxy, e.g. mail, web, etc.


  • Yes, we got caught out by this. We were sending mail to a .uk address but they were using Trend Micro (Japan) as their spam solution. Because the UTM blocked anything coming from Japan (in this case the spam server doing an rDNS on us), our mail was blocked as it was seen as spam.

  • Hi,

    I haven't used an IP address or IP range but the DNS host type option.

    You are saying that that doesn't work?

     

    And what/how do you mean 'which you can do by yourself'?

     

    Greetz Jaap