Geo-Filtering Restriction for VPN users

Hello everyone

I seem to be stuck. I would like to configure an access rule that limits the VPN connections over Sonicwall Global VPN Client to one country only, meaning if you want to connect to the network, it has to come from inside that one country.

Is that possible? My understanding of access rules is still limited.

The firewall is a TZ 400 with Firmware Version SonicOS Enhanced 6.5.4.11-97n

Thanks and have a great day.

Category: Firewall Security Services

Best Answer

  • BWC Cybersecurity Overlord ✭✭✭

    @CHEOPSken do you mean that endpoints with GVC can only connect from a single country to your TZ 400? The only way is to limit the IKE Access Rule in WAN-to-WAN with a custom GeoIP policy.

    But this will affect your Site-to-Site tunnels as well; you might add additional Access Rules to enable them to connect from other countries. These rules should be a 1:1 clone of the default ones, but limited to the peer IP addresses to avoid conflicts.

    --Michael@BWC

Answers

  • CHEOPSken Newbie ✭

    Hello @BWC

    Thanks for the answer. Yes, that is what I meant. All the other sites used for Site-to-Site VPN are in that same country, so this won't be a problem. I will try to configure this and will let you know if I succeed.

    Cheers

  • CHEOPSken Newbie ✭

    Hello again

    So I finally got around to trying this and it seems to work as intended:


    By adding the Custom GeoIP Filter to these IKE rules, I was not able to connect from Germany via Sonicwall GlobalVPN client. From Switzerland though, everything continued working as intended.

    Thank you for the suggestion and cheers. 🙂
