Today we’re discussing firewall geoblocking. You may have heard the term geoblocking while doing research on the next firewall or UTM device for your business. Geoblocking is a method used to block/restrict traffic from address ranges from getting through your firewall to your servers and your network. It’s also used to restrict traffic leaving your network. Geoblocking has various other applications across other device types, but today we’re discussing ways you can use firewall geoblocking to add another layer of security to your office network.
Internet addresses (IP addresses) are assigned to each country by the Internet Assigned Numbers Authority (IANA – www.iana.org). This authority provides addresses to internet service providers. These service providers distribute those addresses to their customers throughout the world. Because there is a correlation between geographic location and address assignment, it’s easy to look up what part of the world an address has been allocated to. There are many sites that can go to for this information such as www.iplocation.net.
How it works
Intelligent next generation firewall/router devices often have a geoblocking feature. This feature includes a preloaded IANA listing of address ranges assigned to countries. The systems administrator setting up the device will select the countries that the device will allow (or block). This blocking happens very early on in the packet evaluation process (packet filtering) which means the router can block or allow data very quickly.
Advantages to Geoblocking
Geoblocking is one of those processes that has the effect of blocking out a majority of irrelevant traffic (malicious or otherwise) before the major processing of packet data (IDS/Web Proxy/DNS/SNMP Proxy/VPN/DLP etc.) occurs. It can have an overall positive impact on the performance of your firewall.
The second benefit is that it reduces your attack surface. Important note: geoblocking can be easily defeated when attacked by proxy. In other words an attack originating overseas but using a compromised system in an allowed country. Generalized attacks originating from questionable regions will be blocked. In testing, we’ve found that it blocks about 80% of international unwanted traffic at a very low cost in firewall load and processing.
The third benefit is that Geoblocking can help block outgoing traffic that is a result of a compromise. Geoblocking might not stop the initial infection especially if it came from email. But it can help break virus’ command and control mechanism by stopping the virus from reaching out to it’s foreign server.
Geoblocking can break websites and links you visit. An example: going to Facebook will work because you’re not likely to block your home country. However some of the posts may not work because they are linking to sites that are not in your country.
When traveling you’ll need to allow those countries you’re visiting. Otherwise you may find that connecting back to your office VPN will not work.
Tips to Configure Geoblocking
We recommend doing a block-all, allow list setup when configuring Geoblocking. By default this will block the world, except those countries you allow. This ensures the device can perform faster (it’s comparing against a smaller list) and it makes managing easier.
- Select countries your business has a reasonable chance of getting customers from and where vendors are located.
- EG: If you own/operate a local yard maintenance company located in Washington state USA, it would make sense to block traffic to/from Peru (and in fact just about every other country) because you’re not going to be doing business with those regions
- Allow countries your staff travel to.
- EG: as in the above example, if your staff regularly vacation in Ecuador, it would make sense to allow traffic from that country during vacation time.
- If there are major sites located overseas that you visit regularly, you’ll also want to allow those countries.
- EG: as in the above example, the yard maintenance convention put on by Stihl in Germany every year. Unblocking that country would be beneficial.
We recommend a multi-layer approach to security. Enabling and configuring Geoblocking can add an extra level of security to your network and help keep your data secure.