You are here: Network Protection > Firewall > Country Blocking Exceptions

Country Blocking Exceptions

On the Network Protection > Firewall > Country Blocking Exceptions tab you can define exceptions for countries that are blocked on the Country Blocking tab. Exceptions can be made for traffic between a blocked country/location and specific hosts or networks, taking into account the direction and the service of the traffic.

To create a country blocking exception, proceed as follows:

Click New Exception List.

The Add Exception List dialog box opens.
Make the following settings:

Name: Enter a descriptive name for the exception.

Comment (optional): Add a description or other information.

Skip blocking of these:
- Region: Using this drop-down list, you can narrow down the countries displayed in the Countries box.
- Countries: Select the checkboxes in front of the locations or countries you want to make the exception for. To select all countries at once, enable the Select all checkbox.
  
  Note – To select all IP addresses, including those that are not associated with any country, for example internal IP addresses, deselect all checkboxes using the Deselect all checkbox.
For all requests: Select the condition under which the country blocking should be skipped. You can choose between outgoing and incoming traffic, referring to the hosts/networks to be selected in the box below.
- Hosts/networks: Add or select the hosts/networks that should be allowed to send traffic to or receive traffic from the selected countries—depending on the entry selected in the drop-down list above. How to add a definition is explained on the Definitions & Users > Network Definitions > Network Definitions page.
Using these services: Optionally, add the services that should be allowed between the selected hosts/networks and the selected countries/locations. If no service is selected, all services are allowed.
Click Save.

The new country blocking exception appears on the Country Blocking Exception list.

To either edit or delete an exception, click the corresponding buttons.

Using Country Blocking Exceptions

Use the country blocking exceptions as follows:

Interface/remote host	Requests	Host/network	Countries
Local interface	Coming from	Enter a local interface address	Choose countries to skip
Local interface	Going to	Enter a local interface address	Choose countries to skip
Remote host (internal network)	Coming from	Enter an internal host/network	Choose countries to skip
Remote host (external network)	Coming from	Enter an external host	Do not choose countries
Remote host (internal network)	Going to	Enter an internal host/network	Choose countries to skip
Remote host (external network)	Going to	Enter an external host	Do not choose countries

Sophos UTM 9.600