Here in this article, we will discuss how to block any IP address based on country in sophos XG firewall.
First you need to identify IP address belongs to which country. For that, login to the sophos XG firewall CLI
You can use following article to login to CLI of sophos firewall
Enter “Device console” (option -4) and then type this command “show country-host ip2country ipaddress <IP address>” as shown below
For your information, sophos firewall will use “MAXMIND” database. You can also search for IP address directly in their website. Here is the URL for their website
Once you identify the IP address belongs to which country, you can create firewall rule. Click on “Rules and Policies” and add “new rule“. Create firewall rule as shown below.
In place of source networks and devices enter the country group. You can search for the country group in the same tab.
Note: It is recommended to use source and network zones as “ANY” to block country effectively.
Hope this article helps you.