Register Now

Login

Lost Password

Lost your password? Please enter your email address. You will receive a link and will create a new password via email.

IP Address Blocked By Country Based Firewall Rule

Here in this article we will discuss how to unblock the IP address which are blocked with reason “Country Blocking”. In some scenarios we might come up with issue like this, suppose you want to block chinese IP address but firewall is actually not blocking it. You confirmed that IP address belongs to china country through this website.

https://www.ip2location.com/

Resolution:

Sophos XG firewall will use maxmind database to predict the IP address and its origin country. Here is the URL for the max mind database:

https://www.maxmind.com/en/geoip-demo

So based on this result, you need to create firewall accordingly. In case if you follow different web site and blocked some wrong country, firewall will block legitimate IP address.

Process:

Suppose if i need to block “31.23.45.67” and their whole country for both inbound and outbound communication through firewall. I need to identify IP address of that country. For that, i will go to max mind database and search for that specific IP address:

Max Mind Database
IP address

So as per the result, IP address belongs to russia.

Create Firewall Rule:

We need to create firewall rule to block IP address. The firewall rule should be on the top and parameters of the firewall rule should be as follows.

Source zone: ANY

Source Network: Russian Federation

Destination Zone: ANY

Destination Network: ANY

Destination Service: ANY

Sample Firewall Rule:

Click on Rules and Policies >> and then click on ADD firewall rule

Source Firewall Rule
Firewall Rule

Now all russian IP address will be bocked.

Legitimate website getting blocked by country based firewall rule:

Suppose i have created firewall rule to block all traffic to russian federation as shown in image below. Please note i have added russian federation in destination, since i want to block access to that destination country.

Destination Firewall Rule
Destination FW rule

But i want access to one of the russian websites, in this case i need access to this website

http://government.ru/en/

So we need to create exception in the same rule to allow traffic only for the above “URL”. For that create FQDN host as shown below

FQDN host
URL IP

Click on “ADD exclusion” in country blocked firewall rule and add this “FQDN host” in destination as shown below

Exclusion
Exclusion

By this way we can exclude certain website from country based firewall rule.

Hope this article helps you.