Blocking all incoming connections from specified countries in Kerio Control

NOTE

New in Kerio Control 9.2!

Kerio Control allows you to enable a GeoIPThe GeoIP filter blocks IP addresses from defined geographical areas (countries). filter for incoming traffic. This filter helps you effectively stop malicious traffic and potential threats.

The GeoIP filter matches each IP addressAn identifier assigned to devices connected to a TCP/IP network. to its source country and displays the result in the Active Connections section. You can see any suspicious connections there and block all traffic from a given country.

Displaying countries in Active Connections

To display the countries associated with IP addresses in Active Connections, enable the GeoIP filter and display the Source Country and Destination Country columns in Active Connections:

  1. In the administration interface, go to Security Settings > GeoIP Filter.
  2. Select Block incoming traffic from the following countries.
  3. Click Apply.
  4. In the administration interface, go to Status > Active Connections.
  5. Right-click the table header.
  6. In the context menu, scroll down to Columns and select Source Country and Destination Country.

From now on, the source and destination country appear for all active connections with a nonlocal IP address.

Adding new countries to the filter

To block all incoming connections from a specific country:

  1. In the administration interface, go to Security Settings > GeoIP Filter.
  2. Verify that the Block incoming traffic from the following countries option is enabled.
  3. Click Add.
  4. In the Select Items dialog box, select the countries you want to block.
  5. Click OK.
  6. Click Apply.

From now on, Kerio Control blocks all incoming connections from the selected countries. Outgoing connections are allowed.

Logging blocked incoming connections from specified countries

To verify which packets are dropped by Kerio Control, use the Debug log:

  1. In the administration interface, go to Logs > Debug.
  2. Right-click to the log window.
  3. In the context menu, click Messages.
  4. In the Logging Messages dialog box, select Packets dropped for some reason.
  5. Click OK.

After finishing debugging process, unselect the Packets dropped for some reason. Displaying too much information slows Kerio Control's performance. For more information refer to Using the Debug log.