Looking through the logs on our firewall I noticed that there were several attacks happening from some ‘less savoury’ countries, so I thought I’d look at just blocking that country altogether – we don’t actually do any business with China here so why should they be attempting to ‘connect’ to our servers.
First, we need to create the appropriate ‘Country’ objects and maybe a ‘Country Group’ (depending on how many countries you’re planning on blocking). Head over to left hand menu, where we want ‘Objects’, then ‘Hosts and Services’, followed by ‘Country Host’. Clicking ‘Add’ gives us the option to give a ‘friendly name’ to the country and select the appropriate country from the list.
Next we need to create our group. Again, Head over to left hand menu, where we want ‘Objects’, then ‘Hosts and Services’, followed by ‘Country Host Group’. Clicking ‘Add’ we can greate the group by giving it a name and description, and selecting the hosts we want in that group.
With these now set, we can create our block rule. Back to the Left hand menu, but this time ‘Policies’, then ‘Add Firewall Rule’. For this we’re creating a ‘User / Network Rule’. The important thing here is the ‘Source Networks’ or ‘Destination Networks’. As my rule is to block all incoming traffic from the selected countries, we will apply the filter on the ‘Source Network’ with the following settings:
- Zone: WAN
- Networks: This is the country group created earlier – in my case ‘Blocked Countries (General)’
- Services: Any – I want to block everything from those countries.
- Schedule: All the time
- Zone: LAN
- Networks: Any
- Action: Drop / Reject
Once Saved, thats it! Remember to check the order of your rules once applied, just to make sure they are acting as you expect…