Solved

sonicwall

Posted on 2010-08-31
7
978 Views
Last Modified: 2012-07-16
We have a Sonicwall 4060.  We get a lot of threats from outside the US, yet we don't do any business outside the US.

 Is it possible to tell the Sonicwall to simply DENY ALL REQUESTS/ALL TRAFFIC from IP addresses with an origination outside the US?

 thanks
0
Comment
Question by:paulterack2
7 Comments
 
LVL 20

Expert Comment

by:woolnoir
ID: 33568799
It seems not to be possible and even if it were i would be VERY much advising any clients of mine against it, you can never be 100% sure of the exact location of IP addresses (subnetting, especially for the larger IP allocations). At best it would need some form of RIPE lookup on a per packet basis which would be very intensive for a heavy traffic site. Aside from the potential for error and thus blocking wanted traffic the admin overhead would be intense.

I've had a quick look on some tech sheets incase im missing any new developments and from what i can see it isnt something that you can do on that device.
0
 
LVL 13

Expert Comment

by:IT-Monkey-Dave
ID: 33568997
What woolnoir said.  You would be creating a LOT of headaches if you tried to do this.
The firewall is blocking all uninvited traffic by default.  Are you trying to also block connections to "foreign" IPs even if they originate from requests from your network (i.e. your user clicks on a .uk url)?
0
 

Author Comment

by:paulterack2
ID: 33569019
Yes. We have ZERO need for anything outside the US at this time. I appreciate your comments. It's really just something I was thinking about, wondering if possible because I just see so many intrusion attempts, all originating outside the US.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 20

Accepted Solution

by:
woolnoir earned 250 total points
ID: 33569039
You may be able to report on it, but with most firewalls even thats not possible. Just image that each connection attempt is potentially 100's maybe even more packets and for the report to be consistent a geo-ip lookup needs to happen on every ip - its a big undertaking.

Our proxy server (a bluecoat) offers the same feature set for web access... based on URL inspection, and the reporting engine of that dies when we ask for Geo-ip lookups - imagine that x 10000.
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33569049
It would be nice if there were a quick way to do it, i dont imagine RIPE would be too pleased either with the multiple order of magnitude increase on the number of IP queries they get... i'd see some evil humour in that one.
0
 
LVL 13

Assisted Solution

by:IT-Monkey-Dave
IT-Monkey-Dave earned 250 total points
ID: 33569051
I understand what you're getting at but the Internet is so "global" now (like everything else) that some of the content from a US-based site could be linked from just about anywhere in the world.  I would say disregard, firewall is operating as intended.
0
 
LVL 1

Expert Comment

by:papaschlumpf
ID: 38191626
there is a feature called Geo-IP Filtering. ( https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=8963&formaction=catalert ) .
its possible with the new firmware 5.8.1.x ( for example the tz 210 or nsa 240, nsa 2400 ...) has it . Unfortunatly not the pro 4060.
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now