Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Geo-Filtering Restriction for VPN users

Hello everyone

I seem to be stuck. I would like to configure an access rule that limits the VPN connections over Sonicwall Global VPN Client to one country only, meaning if you want to connect to the network, it has to come from inside that one country.

Is that possible? My understanding of access rules is still limited.

The firewall is a TZ 400 with Firmware Version SonicOS Enhanced 6.5.4.11-97n

Thanks and have a great day.

Category: Firewall Security Services
Reply

Best Answer

  • CORRECT ANSWER
    BWCBWC Cybersecurity Overlord ✭✭✭
    Answer ✓

    @CHEOPSken do you mean that endpoints with GVC can only connect from a single country to your TZ 400? The only way is to limit the IKE Access Rule in WAN-to-WAN with a custom GeoIP policy.

    But this will affect your Site-to-Site Tunnels as well, you might add additional Access Rules for enabling them connecting from other Countries. These Rules should be a 1:1 clone from default ones, but limited to the Peer IP addresses to avoid conflicts.

    --Michael@BWC

Answers

  • CHEOPSkenCHEOPSken Newbie ✭

    Hello @BWC

    Thanks for the answer. Yes I that is what I meant. All the other Sites used for Site-to-Site VPN are in that same country so this won't be a problem. I will try to configure this and will let you know if I succeed.

    Cheers

  • CHEOPSkenCHEOPSken Newbie ✭

    Hello again

    So I finally got around to trying this and it seems to work as intended:


    By adding the Custom GeoIP Filter to these IKE rules, I was not able to connect from Germany via Sonicwall GlobalVPN client. From Switzerland though, everything continued working as intended.

    Thank you for the suggesting and Cheers. 🙂

Sign In or Register to comment.