Expired

XII. Firewall/Security Features

Expired

Create Firewall Rules with Country Object

Products:
Vigor 2620Ln
Vigor 2765
Vigor 2832
Vigor 2862
Show all

Keywords:
Country Object
country
firewall
object

The Firewall on Vigor routers support Country Objects. They allow quicker and easier setup of firewall rules to permit or block access to/from an IP address of a specific country. For example, a network administrator can block certain countries from connecting to the internal server to prevent attacks. Or, to restrict the destination that LAN users can access to selected countries only.
This guide demonstrates how to allow LAN hosts to only access websites and other services located in the UK.

1. Create a Country Object. Go to [Objects Setting] > [Country Object] page. Open one of the available profiles, set a profile Name and select Country.

 kb firewall country object 01

2. To block traffic to websites and other services except for those located in the UK, we will need to create two firewall rules. The first one to block all websites and services, and the second to allow access to websites and services in the UK.


2-1. Create the rule blockALL. Go to [Firewall] > [Filter Setup] > [Default Data Filter Set] and click an available rule to edit. For this article Filter Set 2 Rule 2 was selected.

  1. Enable the rule, and keep "Any" for Source IP, Destination IP, and Service Type
  2. Select "Block if no further Match" for Action, so that the router will check for any exceptions in other rules before applying this action
  3. Press OK to save

 kb firewall country object 02

2-2. Create a second rule to allow access to websites and services in the UK. Go [Firewall] > [Filter Setup] > [Default Data Filter Set] page and click on available rule to edit. Make sure that this rule follows the rule created in the previous step. For this step Filter Set 2 Rule 3 was selected.

  1. Enable the rule and click Edit for the Destination IP/Country to select the Country Object created in the very first step of this guide. A new window should pop up. Make sure that your browser won't block that.
  2. Set Address Type to Country Object then select Country Object from drop down menu. Press the OK button.
  3. Now continue with the configuration of the firewall rule by setting up Action/Profile filter to "Pass Immediately"
  4. Press OK to save

 kb firewall country object 03

To verify that the firewall settings are working as expected we can try accessing some of the non-UK websites such as:

www.draytek.de

kb firewall country object 04

www.draytekusa.com

kb firewall country object 05

and finally, our www.draytek.co.uk page

kb firewall country object 06

    How do you rate this article?

    1 1 1 1 1 1 1 1 1 1

First Published: 24/07/2020
Last Updated: 22/04/2021