
Configure country blocking rule when WAF is used

https://support.sophos.com/support/s/article/KB-000042367?language=en_US

Applies to the following Sophos products and versions:

  • Sophos Firewall version 18.0 and later

Version 18.0 and later

  1. Create a Drop firewall rule positioned above the WAF rule, so it is evaluated first. Go to Rules and policies > Firewall rules > Add firewall rule > New firewall rule and configure the settings below.
    Parameter                       Value
    ----------------------------    --------------------------------------------------------
    Rule name                       Enter a name, e.g. Country_Blocking
    Rule position                   Top
    Rule group                      Assign the group according to your setup.
    Action                          Drop
    Log firewall traffic            Enable this option to log the blocked connections (optional).
    Source zones                    WAN
    Source networks and devices     The countries that need to be blocked.
    Destination zones               WAN
    Destination networks            WAN interface or interface alias for your website.
    Service                         Any

    [Screenshot: example of the configured Drop firewall rule]

  2. Alongside the Drop firewall rule, configure a DNAT rule that redirects the blocked traffic to a blackhole IP address, so the connection never reaches the WAF service. Go to Rules and policies > NAT rules > Add NAT rule > New NAT rule and configure the settings below.
    Parameter                       Value
    ----------------------------    --------------------------------------------------------
    Rule name                       Enter a name, e.g. Country_Block_Blackhole
    Rule position                   Top
    Original source                 The countries you would like to block.
    Original destination            WAN interface or interface alias for your website.
    Original service                Any
    Translated source (SNAT)        Original
    Translated destination (DNAT)   Create a blackhole IP address (an IP address that is never used in your network).
    Translated service (PAT)        Original
    Inbound interface               The WAN interface for your website
    Outbound interface              Any

    Leave the other options as default.

    [Screenshot: example of the configured blackhole DNAT rule]
  3. Result: In Log viewer, filter by the firewall rule number of the newly created Drop rule; the blocked connections appear as entries for that rule (provided the Log firewall traffic option was enabled in the firewall rule settings).

    [Screenshot: Log viewer filtered by the firewall rule number, showing the dropped connections]
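To check the result outside the Log viewer, for instance on exported syslog, the following added example (not part of the Sophos article) parses key=value firewall log lines, keeps only the entries dropped by the Drop rule's number, and counts them per source country. The field names fw_rule_id, status and src_country_code are an assumption about the export format, and the log lines and country codes are constructed samples.

```python
import re
from collections import Counter

# Constructed sample lines in key=value syslog style. Field names such as
# fw_rule_id, status and src_country_code are an assumption about the
# firewall's export format; IPs are documentation ranges and the country
# codes XX/ZZ are user-assigned placeholders, not real countries.
SAMPLE_LOG = """\
device="SFW" log_type="Firewall" log_component="Firewall Rule" log_subtype="Denied" status="Deny" fw_rule_id=3 fw_rule_name="Country_Blocking" src_ip=198.51.100.7 src_country_code=ZZ dst_ip=203.0.113.10 dst_port=443
device="SFW" log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" status="Allow" fw_rule_id=5 fw_rule_name="WAF_Website" src_ip=192.0.2.44 src_country_code=DE dst_ip=203.0.113.10 dst_port=443
device="SFW" log_type="Firewall" log_component="Firewall Rule" log_subtype="Denied" status="Deny" fw_rule_id=3 fw_rule_name="Country_Blocking" src_ip=198.51.100.9 src_country_code=ZZ dst_ip=203.0.113.10 dst_port=443
device="SFW" log_type="Firewall" log_component="Firewall Rule" log_subtype="Denied" status="Deny" fw_rule_id=3 fw_rule_name="Country_Blocking" src_ip=198.51.100.20 src_country_code=XX dst_ip=203.0.113.10 dst_port=80
"""

# key=value pairs; quoted values may contain spaces, unquoted ones may not.
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_line(line):
    """Parse one key=value log line into a dict (quotes stripped)."""
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(4)
            for m in KV_RE.finditer(line)}


def blocked_by_rule(log_text, rule_id):
    """Entries dropped by the given firewall rule number (the Log viewer filter)."""
    entries = (parse_line(l) for l in log_text.splitlines() if l.strip())
    return [e for e in entries
            if e.get("fw_rule_id") == str(rule_id) and e.get("status") == "Deny"]


def blocked_per_country(log_text, rule_id):
    """Count dropped connections per source country for one rule number."""
    return Counter(e.get("src_country_code", "?")
                   for e in blocked_by_rule(log_text, rule_id))


if __name__ == "__main__":
    # Rule number 3 stands in for the number shown for Country_Blocking.
    for country, count in blocked_per_country(SAMPLE_LOG, 3).most_common():
        print(f"{country}: {count} blocked")
```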