SonicWall NSA 3600, Geo-IP Filter & blocking sites

Juan Sonera
Juan Sonera used Ask the Experts™
on
Our SonicWall firewall is setup to block some countries through the Geo-IP Filter, I would like to block everything outside the United States and only allow access to the required vendors sites which are located in Europe and Asia. I've been told that blocking all countries in the Geo-IP Filter then specifying specific sites to allow access to doesn't work. Is their a way to accomplish this or do they have to continue allowing access to entire countries to access these vendor sites?

We have a SonicWall NSA 3600 running Firmware version "SonicOS Enhanced 6.2.5.1-26n", dated "TUE MAR 15 15:48:25 2016"
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
TME / Network Security Evangelist
Commented:
you will need to add those sites to an address group, then set those as an exclusion list.
Alternatively set GEO-IP to firewall rule based mode, then create firewall access rules to allow access to the sites without the GEO-IP checkbox
Top Expert 2015
Commented:
As a supplement to the above suggestion, see the Sonicwall KB "How to configure SonicWALL Geo-IP Filter using Firewall Access Rules (SW9763)"

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial