Overview
GeoIP identifies a user's location based on their IP address. It reveals where someone is connecting from. When you browse the web, GeoIP checks your IP against a database, mapping you to a spot on the globe like a country or city.
Benefits of Using GeoIP
- Blocking all incoming traffic from a specific country
- Blocking traffic from countries known for high levels of cyber threats
- Restricting access to sensitive resources based on geographical location
- Regulatory compliance that mandates traffic control from specific countries
Usage of GeoIP in Kerio Control
- GeoIP Filtering: Kerio Control allows you to enable a GeoIP filter for incoming traffic. This filter helps you effectively stop malicious traffic and potential threats. To block all incoming connections from a specific country:
- In the administration interface, go to Security Settings > GeoIP Filter.
- Verify that the Block incoming traffic from the following countries option is enabled.
- Click Add.
- In the Select Items dialog box, select the countries you want to block.
- Click OK.
- Click Apply.
- From now on, Kerio Control blocks ALL incoming connections from the selected countries. Outgoing connections are allowed. More details about this particular configuration can be found here: Blocking all incoming connections from specified countries in Kerio Control
- Rule Creation: As of Kerio Control 9.4.5p1, network administrators can create firewall rules that incorporate GeoIP data.
- Create a GeoIP within IP Address groups
- Select the GeoIP Checkbox
- Use the GeoIP Group in firewall traffic rules
- GeoIP use in GFI AppManager: Administrators can use the GFI AppManager to create GeoIP within IP Address Groups that can be used for firewall rules.
- Go to your GFI AppManager account
- Navigate to Create IP Address Group
- Click on Import GeoIP preset and select the country of preference
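The following is an added example, not Kerio Control code: a simplified Python model of the behaviour described above, where an IP address is checked against a GeoIP database and incoming connections from selected countries are dropped while outgoing connections are left alone. The address ranges, country codes, and function names are constructed for illustration, and treating an unmapped address as "not matched by the filter" is an assumption of this model.

```python
import ipaddress

# Constructed sample GeoIP table: documentation-only ranges (RFC 5737) mapped
# to placeholder country codes. A real database holds far more prefixes.
GEOIP_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "AA"),
    (ipaddress.ip_network("198.51.100.0/24"), "BB"),
    (ipaddress.ip_network("198.51.100.128/25"), "CC"),  # more specific entry
]

# Hypothetical selection made in the GeoIP filter.
BLOCKED_COUNTRIES = {"AA", "CC"}


def lookup_country(ip):
    """Return the country of the most specific matching prefix, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, country in GEOIP_TABLE:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, country)
    return best[1] if best else None


def filter_decision(remote_ip, direction):
    """Model the policy on this page: drop incoming connections from the
    selected countries; outgoing connections are not filtered."""
    if direction != "incoming":
        return "pass"  # outgoing connections are allowed
    country = lookup_country(remote_ip)
    if country is None:
        return "pass"  # assumption: no GeoIP entry means the filter cannot match
    return "drop" if country in BLOCKED_COUNTRIES else "pass"


if __name__ == "__main__":
    for ip, direction in [("192.0.2.10", "incoming"),
                          ("192.0.2.10", "outgoing"),
                          ("198.51.100.200", "incoming"),
                          ("203.0.113.1", "incoming")]:
        print(ip, direction, lookup_country(ip), filter_decision(ip, direction))
```

In this model, "pass" only means the GeoIP filter did not drop the connection; other traffic rules would still apply to it.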
Traffic Monitoring (Firewall Rules)
GeoIP data can be used to monitor and log traffic patterns based on geographic origin. To display the countries associated with IP addresses in Active Connections, enable the GeoIP filter and display the Source Country and Destination Country columns in Active Connections:
- In the administration interface, go to Security Settings > GeoIP Filter.
- Select Block incoming traffic from the following countries.
- Click Apply.
- In the administration interface, go to Status > Active Connections.
- Right-click the table header.
- In the context menu, scroll down to Columns and select Source Country and Destination Country.
Monitor Firewall Rule Usage
Traffic Rule Menu: Each time a firewall rule is used, there will be a timestamp indicating when it was used. Administrators can view this information in the Traffic Rule menu to track when specific rules are triggered.
- Enable Debug Logging: To monitor detailed usage of firewall rules, enable the Debug log:
- Go to Logs > Debug in the administration interface.
- Right-click the log window and select Messages.
- In the Logging Messages dialog box, select Packets dropped for some reason to view blocked traffic and rule usage.
- Status > Active Connections: In the Active Connections section, administrators can see which connections are being managed by specific firewall rules. This provides real-time insights into how rules are applied to traffic.
- Logging blocked incoming connections from specified countries: To verify which packets are dropped by Kerio Control, use the Debug log:
- In the administration interface, go to Logs > Debug.
- Right-click the log window.
- In the context menu, click Messages.
- In the Logging Messages dialog box, select Packets dropped for some reason.
- Click OK.
Feature availability
Below is a list of features and the Kerio Control version they are available in:
- GeoIP Filtering: Version 9.2 and later
- Rule Creation: Version 9.4.5p1 and later
- GeoIP use in GFI AppManager: Version 9.4.5 and later
- Traffic Monitoring: Version 9.2 and later
- Logging blocked incoming connections from specified countries: Version 9.2 and later
Priyanka Bhotika