The Apps
First, let's have a look at the apps that are available, and the one we are specifically looking at today. All of these applications serve a useful purpose, in particular Application Control and Web Filter, which you can find in our Untangle review.
For this post, we are focusing on the Firewall application and blocking countries, mainly as we want to keep this short and to the point. Many other features are available.
IMPORTANT! This Firewall application is in addition to the firewall that is prebuilt into Untangle. You will be protected from day 1 with Untangle, but only at a lower network layer.
Enabling The Firewall
First, let's enable the firewall. This is very simple to do, but before you do, I would advise heading into the rules and making sure that nothing is enabled that may immediately affect your live environment and cause the phones to ring.
Enabling The Rule
Once enabled, let's head into the rules section. Of course, I have removed the rules below for security reasons:
Blocking Countries (If Not)
Now, the easiest way to complete this task, IF you want to block more countries than you allow, is to create a rule based on “Client Country” IS NOT. However, be careful! You also have to include XL, which is local, to allow local subnets to connect to the firewall, otherwise your internal network will lose internet access.
Blocking Countries (If)
On the flip side of the above, you may only need to block individual countries; let's say you trade with all but 2 countries. To achieve this, you wouldn't use the rule above. Instead, you would add a “Client Country” IS rule, and on this rule DO NOT include XL (local), otherwise you will block internal internet traffic.
Bypass Rules
One thing to be aware of is the bypass rules inside Config > Networking. These rules bypass all application rules, including your firewall. Therefore, if you have the rule below, the traffic is allowed and will not be blocked by your rules above.
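The two rule styles and the bypass caveat above can be checked with a small model. This is an added example, not Untangle's code or configuration format; it assumes rules are evaluated top to bottom with the first match deciding and unmatched sessions passing, and the names CountryRule, decide and lint and the sample country codes are made up for illustration.

```python
# Simplified model of the country rules described above (not Untangle's code).
# Assumptions: first matching rule decides, unmatched sessions pass, and "XL"
# is the country code given to local clients, as the post states.
from dataclasses import dataclass

LOCAL = "XL"

@dataclass(frozen=True)
class CountryRule:
    countries: frozenset   # codes listed in the "Client Country" condition
    is_not: bool           # True for "IS NOT", False for "IS"
    action: str = "block"

    def matches(self, client_country):
        listed = client_country in self.countries
        return not listed if self.is_not else listed

def decide(rules, client_country, bypassed=False):
    """Return 'pass' or 'block' for a session from client_country."""
    if bypassed:           # a bypass rule skips every app, firewall included
        return "pass"
    for rule in rules:
        if rule.matches(client_country):
            return rule.action
    return "pass"

def lint(rule):
    """Flag the two XL mistakes that cut off internal clients."""
    if rule.action != "block":
        return None
    if rule.is_not and LOCAL not in rule.countries:
        return "IS NOT block rule lacks XL: local clients are blocked"
    if not rule.is_not and LOCAL in rule.countries:
        return "IS block rule lists XL: local clients are blocked"
    return None

# Constructed sample rules; "AA" and "BB" are placeholder country codes.
allow_only_bad = CountryRule(frozenset({"GB", "US"}), is_not=True)
allow_only_ok = CountryRule(frozenset({"GB", "US", LOCAL}), is_not=True)
block_some_bad = CountryRule(frozenset({"AA", "BB", LOCAL}), is_not=False)
block_some_ok = CountryRule(frozenset({"AA", "BB"}), is_not=False)

if __name__ == "__main__":
    samples = {"allow_only_bad": allow_only_bad, "allow_only_ok": allow_only_ok,
               "block_some_bad": block_some_bad, "block_some_ok": block_some_ok}
    for name, rule in samples.items():
        print(name, "| local:", decide([rule], LOCAL), "| lint:", lint(rule))
```

Running lint over a rule before enabling it catches the lost-internet case without touching live traffic, and decide with bypassed=True shows why a blocked country can still get through.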
After Thoughts
Blocking countries that do not require access to your network, for me, is a must. It is simple to complete on most modern firewalls, and of course instantly restricts potential unwanted visitors. Also, when you enable this function and review the logs, don’t panic! You can now simply see what was happening the whole time, but now you are blocking it!