Sheldon Livingston
asked on
Open up country access with SonicWall.
I have a SonicWall TZ 400 wireless-AC and am utilizing GEO-IP Filtering to filter countries.
I wish to grant users access to a country... for a while anyway.
I moved the country from Blocked Countries to Allowed Countries and Accepted the change.
Still could not access the site. They get a "Connection initiated towards country: Brazil" message. "Block reason: Gateway GEO-IP Filter Alert"
I restarted the SonicWall. Brazil shows in the Allowed Countries list but they still can't get out.
What needs to be done to allow them out to the site?
I wish to grant users access to a country... for a while anyway.
I moved the country from Blocked Countries to Allowed Countries and Accepted the change.
Still could not access the site. They get a "Connection initiated towards country: Brazil" message. "Block reason: Gateway GEO-IP Filter Alert"
I restarted the SonicWall. Brazil shows in the Allowed Countries list but they still can't get out.
What needs to be done to allow them out to the site?
ASKER
On Firmware SonicOS Enhanced 6.5.2.1-31n.
When you say to check THE firewall rule, I don't understand. Is there, in addition to the 2 lists (allowed and blocked countries) also a rule for each country as well?
How would I identify which rule(s) of the 129 Access Rules would I need to change or delete?
When you say to check THE firewall rule, I don't understand. Is there, in addition to the 2 lists (allowed and blocked countries) also a rule for each country as well?
How would I identify which rule(s) of the 129 Access Rules would I need to change or delete?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you.
This appears to be a terrible system. I have, I guess, 30-35 such Geo-IP rules. Looks like I need to click each one, then click the Geo-IP button only to find that it is using the Global list. But, I guess I have to keep checking them to, maybe, find one that is using a custom list?
Seems like there would be a much, much better way.
This appears to be a terrible system. I have, I guess, 30-35 such Geo-IP rules. Looks like I need to click each one, then click the Geo-IP button only to find that it is using the Global list. But, I guess I have to keep checking them to, maybe, find one that is using a custom list?
Seems like there would be a much, much better way.
ASKER
Thank you! I eventually found the rule and all is good!
Glad to be of service
With SonicOS 6.5 you can do Geo-IP per rule. So check the firewall rule if it has it's own Geo-IP policy or if it's adhering to the global one