topic Re: Block all countries except two - US and India in Advanced Threat Prevention Discussions

Block all countries except two - US and India

JGFireOwls — Tue, 23 Jan 2018 00:42:00 GMT

Hello everyone,

Im trying to find out if its possible to block all countries except for two - United States and India easily. The only way we can see right now is to go country by country adding them into the list. Can someone please assist if theres an easier way to accomplish this?

Thanks,

James

Re: Block all countries except two - US and India

mivaldi — Tue, 23 Jan 2018 01:26:41 GMT

You have a couple alternatives.

One is to use two (or three) Security Policies, The first one allowing all traffic from (and/or a second rule for trafic *to*) US and India Regions, the next rule listed right after these rules, blocking destination any.

The second option is to use the Negate option. You would configure a Deny rule, and add US and India, then in the Source or Destination Address (depending on which direction of sessions you want to block, you may need to use separate rules for either direction) use the Negate checkbox, which will say, Deny everything 'except' these two Regions.

#1 Pros: Configuration is obvious to anyone reading it, especially if you need to add security profiles in the Actions tab.

#1 Cons: You need two (or three, to cover sessions in either direction) rules

#2 Pros: You need only one rule (or two, to cover sessions in either direction)

#2 Cons: Configuration may look awkward to someone who doesn't understand what the Negate option does, and it's also counter-intuitive to see Security Profiles configured in a Deny policy.

Re: Block all countries except two - US and India

JGFireOwls — Tue, 23 Jan 2018 01:20:28 GMT

Awesome, this makes sense, thank you very much

Re: Block all countries except two - US and India

Dee — Tue, 21 Aug 2018 16:50:53 GMT

Thanks for the explanation. Just a quick question - In option 1 do we need 2 rules wouldnt the default deny take care of denying everything except the countries that are allowed?

Re: Block all countries except two - US and India

OtakarKlier — Tue, 21 Aug 2018 19:06:16 GMT

Hello,

The use of the rules is one for inbound and the other for outbound traffic. While yes a DENY ALL at the end could suffice, it just saves the firewall to keep having to match the traffic to the whole policy list. It's always top to bottom and left ot right until a match is found.

Hope that clarifies things.