Jump to content


Photo

How many block by Geo Location and to what degree?


  • Please log in to reply
3 replies to this topic

#1 Michael Manning

Michael Manning
  • Members
  • 257 posts
  • LocationOhio, USA

Posted 11 October 2019 - 09:13 AM

I've just recently started experimenting with blocking by geo location and wonder what other do in that regard. I've noticed in the firewall history that we get tons of probing on various ports that shouldn't really get traffic from outside the US. However, I don't necessarily want to block all traffic so figured I'd block everything from maybe Europe or the EU groups except smtp? Any thoughts on that?

 

We don't host our own public website so don't need to worry about that, and our customers are primarily from north america so that would be the only region I might need to worry about VPN traffic, or access to our HR systems web UI.



#2 Jbo

Jbo
  • Members
  • 69 posts

Posted 30 October 2019 - 12:41 PM

Anything dealing with the Internet, we use geo blocking. I block practically everything except for what my users need. I started by blocking everything except US and then watched logs and expanded the countries to those necessary for my users to do their job. You will see in the logs countries that cloud services use. Same thing goes for inbound traffic for ex: our smtp inbound. I only allowed countries that we expect e-mail to come from.

 

As with anything. Make changes slowly and watch logs to make adjustments.



#3 Micha Knorpp

Micha Knorpp
  • Members
  • 179 posts
  • LocationGermany, BW

Posted 06 November 2019 - 05:07 AM

In some occassions, we block unwanted / unnecessary geolocations for incoming VPN / SLL-VPN traffic.

Of course, you will have to use a local redirect rule in Forwarding Ruleset to do this because Host Firewall ruleset won´t let you involve geolocations....

sadly. But works!


regards,
-micha-

#4 Mark Shanley

Mark Shanley
  • Members
  • 15 posts

Posted 11 November 2019 - 05:17 AM

I do geo-blocking all the time. We recommend this to many customers based on access requirements. We are in the EU and generally geo-block countries and regions. It works really well. If you are in the US and only expect or want US traffic (possibly Canada as well) the geo-block everything and use an excetption for the US and Canada. This will take a load of your firewall running through the rule set for every connection you don't want.