Article Applies To:
Gen5: NSA E8500, NSA E7500, NSA E6500, NSA E5500, NSA 5000, NSA 4500, NSA 3500, NSA 2400, NSA 240
Gen5 TZ Series: TZ 210, TZ 210 Wireless,
Firmware/Software Version: SonicOS Enhanced 5.8.1.x and above versions.
Services: Geo IP Filtering, Botnet Command & Control Filtering
Geo-IP Filtering allows the administrator to block connections coming to or from a geographic location. Botnet Command & Control Filtering allows the administrator to block communications to suspected command and control IPs based on the reputation database built by the Sonic GRID research network.
A new Security Services > Geo-IP & BOTNET Filter page has been added to the management interface and Geo-IP Blocking is also available from the Dashboard > App Flow Monitor page
For this feature to work correctly, the country database must be downloaded to the appliance. The Status indicator turns yellow if this download fails for any reason. Green status means that the download was successful.
Step 1: Login to SonicWALL Management Interface and go to Security Services > Geo-IP & Botnet Filter
Step 2: At the top of the page, you can select the Block connection to/from Botnet Command and Control Servers checkbox to enable Botnet filtering. Below that, to enable Geo-IP filtering, you can select the Block connections to/from following countries checkbox, and select the checkboxes for the desired countries to block.
Step 3: Enable the checkbox next to the country you wish to block.
Step 4: The Geo-IP/Botnet Exclusion Object field allows you to select an Address Object containing IP addresses to exclude from filtering and blocking.
You can look up an IP address to find out the domain, DNS server, and check whether it is part of a Botnet. The Services > Geo-IP & BOTNET Filter page provides this functionality at the bottom of the page:
The System > Diagnostics page also provides this capability: