Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".


GMS NSM not allowing me to remove unwanted countries from the allowed countries list in GEOIP filt.

Does anyone know why in the NSM I cannot move 7 countries from the allowed countries list to the blocked countries list in the GeoIP filter?

The countries are Iran, Macedonia, North Korea, and others - All known bad actors.

I believe the issue is in NSM because when I log into my firewalls directly, the GeoIP filter only has the US in the allowed countries list, as I want it.

When I noticed this, at the beginning of the week, I selected them all, moved them to the blocked list and commited and deployed the changes. Then when I returned to the GEOIP filter, even as late as today, these countries are still listed there. Clearly this is a concern, because the disparity between GEOIP filter config that the NSM tells me and the FWs tell me leaves me with doubt as to which is true.

Any ideas what the issue might be and how I can correct this?

My FWs are TZ500s and I am using the newest version (firmware version 8.1) of the NSM (Cloud GMS) from mysonicwall. I have already opened a case with support but just in case anyone has seen this issue and can help with a solution.

Category: Firewall Security Services


  • Options
    LarryLarry All-Knowing Sage ✭✭✭✭

    Question: Does this discrepancy still exist after you synchronize the firewall with NSM?

    To do so, open NSM to your tenant. In the left-side menu click on Firewalls, then select Inventory.

    In the list of firewalls, click the "hamburger" (three horizontal lines) at the far right and select Synchronize Firewall.

    Optionally review the differences or simply click OK.

    Note that it may take some time for the results to be propagated from the device to the cloud.

    If this action fails to change your settings, you'll need to open up a case with support (and you'll need to use MySonicWall to find the appropriate NSM instance - because you're not logging the case against the TZ).

  • Options
    nito68nito68 Newbie ✭

    Thank you Larry but this did not solve my issue with the NSM showing the bad actor countries in the allowed side. I kow the NSM is able to update the configs of the FW because I was working on other items when I noticed this and the other items do show up at the FW.

    Here is what my GEOIP setup looks like after today:

    top 2 pics are my physical FW,

    bottom two are NSM. Did the sync per your reply and also from the physical FW.:

  • Options
    LarryLarry All-Knowing Sage ✭✭✭✭

    Alas, there is a very long list of problems with NSM and you've discovered another one.

    Please create a support case and post the number here.

    I'm going to send the link to this thread to one of the SW managers I've been working with to let him know.

  • Options
    nito68nito68 Newbie ✭

    The case number is 43787279

  • Options
    TKWITSTKWITS Community Legend ✭✭✭✭✭

    I had a support case open for this for months and never got it resolved...

Sign In or Register to comment.