Network Security: Services Support for Country Blocking
the country blocking is a very good idea.
we get a lot of intrusion from china to our terminalserver. the best extension would be if we could limit it to services looks like RDP, VNC
It would be very useful to block certain geo IPs for some kind of traffic for example blocking ftp access from china and not blocking http traffic coming from china ;)
It would be great to be able to block all countries, except for the ones you use regularly, but also be able to add site specific URLs to a white list of sorts.
Ex: All countries blocked but USA. You want to visit linux.org (which is located in another country that is currently blocked). add *.linux.org to a white list so you can still get to the site without having to trace which country it's in, and unblock the WHOLE country just for one site.
This feature is available with the XG Firewall launched in November 2015.
Eric R. commented
"This feature is available with the XG Firewall launched in November 2015."
Also Known As:
Death to Sophos UTM (Astaro) and we never gonna do this in Astaro - ********* guys. Just buy our new, new, new XG!
If that's the case, just say so and DON'T put it on completed!
Exodus Naixus commented
Please also vote for Country Blocking With Exceptions located: http://feature.astaro.com/forums/17359-astaro-security-gateway-feature-requests/suggestions/1366019-country-blocking-with-exceptions?ref=title
Both of these requests are nearly the same. Thanks - Exodus Naixus
if possible incorporate it in your next release
very useful feature to prevent hacking
And possibly also restrict to blocking inbound only.
I would inform you that there is a very similar idea with a lot of votes. Perhaps it's better to move your votes here:
I think it is a musthave to say block all traffic from a country excluding maybe a port or Email-Adresses
Klaus Müller commented
the same here!!!
I also need this before we can use GeoIP blocking, and need to be able to add overrides; e.g. block China except for 22.214.171.124/24, etc.
Network Administrator commented
Agreed, please block a Country, but allow rules to be set to allow SMTP from specific IP addresses if needed. What would be great is to have the Block Country options show up as a single "Wall" rule, then you can move the rule on the list. Having all the states and provinces show up would be a bit much, but if we could control where on the list the Country Blocking is applied, everyone could insert the rules needed for service.
Carsten Koster commented
Yes, Upgrade the Option Country Blocking with Services. So that you're able to block a Country but allow e.G. SMTP for this country.
country blocking for indbound would be nice ! NOT outbound.
Nice! I just suggested this on the RoadShow.
you are right Stefan, I asked this in the original feature request... but for the moment no news about. I think that is needed an exception for web sites. We also receive attacks from China, but we need to surf in chinese web sites. As far as I know country blocking stops also web surfing.
At least, could be sufficient to block incoming traffic and not outgoing.