Country Blocking - Configuration, Bad Actors List
Setup:
Country Blocking is in your Portal > Firewall > Countries
United States and Canada Only
NOTE: We do not recommend setting Rule: Accept traffic from United States / Canada.
In this configuration your
clients will not be able to use services that have data centers in other
parts of the world, a prime example is Facebook which routes the
majority of their traffic through Ireland. If you spend a bit of time
surfing around you will find that a good portion of the sites/services
you use are running a portion of their site internationally.
Known Bad Actor Countries
Unless you are 100% sure the
client must only have access to sites and servers in the US or Canada, we suggest that you
change to " Rule: Block known bad countries" which is a list that we keep updated.
You can also set the rule to Rule: Block from specific countries and manually add the countries that the majority of bad actor traffic originates from. Here is a great list to begin with:
- Algeria, Bangladesh, Belarus, Brazil, Bulgaria, Burkina Faso, Burundi, Cameroon, Central African Republic, Chad, China, Estonia, Hungary, India, Indonesia, Iran, Jamaica, Latvia, Lebanon, Lithuania, Myanmar, Nepal, Nigeria, North Korea, Pakistan, Philippines, Romania, Russia, Saudi Arabia, Syria, Taiwan, Thailand, Turkey, Ukraine, Uruguay, Viet Nam
Least Privilege
You can also use the least privilege technique and identify the nations where most services are routed. This is the set that should be sufficient to accommodate almost all of the websites we've encountered.- "Rule: Accept traffic from specific countries"
- US, Canada, Mexico, Australia, Ireland, UK, France, Italy, Austria, Sweden.
We can adjust the above lists if you are not able to access a site or a service.
Related Articles
Create allowlists and blocklists using MAC Addresses
Create allowlists or blocklists using MAC Addresses. You can create an allowlist or blocklist per VLAN with a hosts MAC Address. From the Portal > Devices page choose Mac Filter on the top right of the page: Enter the MAC Address, the VLAN the host ...QOS Configuration Guide
VOIP Setup Configuring VOIP during QOS setup QOS Classes Creating a QOS Rule Pre-Configured Traffic Types (Zoom, RDP, Dialpad, Webex) Set Priority to Traffic Type Assign Security Group (VLAN) Creating a Custom QOS Class Examples Setting Bandwidth ...Export a human readable Sonicwall Configuration File
For exporting a human-readable config from a Sonicwall device, the Sonicwall forum recommends getting into the CLI and doing: cli screen length session 2600 cli screen width session 128 show tech-support-report Please send the output to Uplevel ...LAN Subnet and DHCP Server Configuration
Manage the DHCP Sever on on the Uplevel Gateway Map Mac Addresses to IP Addresses in the DHCP PoolThroughput speeds of UG-101 Gateway
WAN Throuput Because of the Cavium Octeon III network processor used in the Gateway, the internal routing / VLAN-firewalling performance is of course quite high -3-4 gigabits/second. With all sophisticated Firewall functions enabled (Country ...