GoIP blocking USG310

Aleksandar Aleksandrov · November 2020

Hi All,

I am receiving some SYN attacks on my site recently. They all come from different countries and every time I am blocking the country, adding a new rule.

Is there anyway that I create a rule to disable all incoming traffic, except the IPs from a certain GeoIP location? The idea is that my site is used only from 1 country and no one outside this country must be able to connect to it.

Thank you,

Aleksandar Aleksandrov

Zyxel_Charlie · November 2020

@aaleksandrov
You need to create the GEOGRAPHY address group
Go to configuration>Object>Address/Geo IP>Address> Create profile for each region

Image: https://us.v-cdn.net/6029482/uploads/editor/sl/rzy8br7h65yz.jpg

Go to address group to Group all regions: all_world

Image: https://us.v-cdn.net/6029482/uploads/editor/63/aoz5upfbfr1s.jpg

Create the IP address which you want to allow

Image: https://us.v-cdn.net/6029482/uploads/editor/5k/xz4r7u9r1yfq.jpg

Go to Security Policy>Create any to any, Source:all_world, Deny > Create any to any, Source:Allow_IP, Allow

Aleksandar Aleksandrov · November 2020

Thank you very much.

Unfortunately I cannot add continents.

For example if I want to block all requests from Europe, I need to create a row for each country in the Addresses tab and then create a group with all created GeoIP addresses.

Is there any way that I can add directly continents?

Thank you

Zyxel_Charlie · November 2020

@aaleksandrov
What firmware version are you using?
To create address for continents, you just Go to configuration>Object>Address/Geo IP>Address>Select GEOGRAPHY on Address Type>Select continent on Region type

Aleksandar Aleksandrov · November 2020

Hi,

Thank you for update and sorry for my delay.

The version that we currently have is 4.33. We have scheduled a firmware update.

After we upgrade to 4.60, are we going to have the option to block/allow continents?

Thank you,

Aleksandar Aleksandrov

GoIP blocking USG310

All Replies

Categories

Security Help Center