Announcement

Collapse
No announcement yet.

Enhanced Country Blocking

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Enhanced Country Blocking

    I find Country Blocking while a really good feature, to be too coarse in its application.. I would like to suggest that Country Blocking be enhanced in the following ways:

    Selectively apply Country Blocking to Inbound / Outbound rules. ( For example I might want the world to see my web server (port 80, 443), but restrict access to a remote administration port ( RDP for example ) to just my country / region)

    I would like to create different Country Blocking 'rule sets'. My thought here is to create Country Blocking 'sets' (just like an address object).

    Combining the two ideas above the firewall rule definitions (Inbound and Outbound rules) could then be changed to select a country blocking object - E.g. a Global default rule, No rule, MyRule1, MyRule2 that refer to the objects defined - just as Source and Destination rules are currently defined.

  • #2
    Hello Matt_T

    Thank you for your input. While we are happy with the functionality that it has added to the firewall, we agree that it could use additional options to make it even better. We will take your suggestion and add it to our discussion on our future implementation of this feature.

    Thanks again!

    Comment


    • #3
      And adding a custom list (address object) for countries, there are many faults in the subscription list.
      This is better than whitelisting, since reports are showing the correct countries with false entries from the subscription.
      Last edited by Freddy; 2015-05-05, 19:06.

      Comment


      • #4
        We have an existing feature request regarding multiple enhancements to Country Blocking.

        Originally posted by freddy.huttner View Post
        there are many faults in the subscription list.
        reports are showing the correct countries with false entries from the subscription.
        We have not received any reports of incorrect country mappings. GB-OS obtains its Country IP codes from a constantly updated open database. These updates are pushed to the firewall as long as it has a valid support contract.

        We recommend that you contact support@gta.com with what IP addresses and country mappings you have observed as incorrect.

        Comment

      Working...
      X