Is there a simple way to block geographic regions in the MX without manually entering them? Mostly it's just an added layer to keep things like Crypto Lockers from phoning home, but without some way to keep them updated and push them down to each of the facilities it'll be a massive headache. I realize they released some templates and tools for Node-RED, but I know next to no JS and have not had time to learn it, honestly. If anyone has something in mind though, I'll be happy to consider it.
I pulled a few sites that had blocks listed for each country and there looked to be more than was feasible to block under L3. I was unaware you could block countries under L7 as we've never had much use for it. We normally block everything using content filtering and whitelisting anything that may be caught by it erroneously. I'll give this a look though, thanks.
Will admit, I prefer to use content filtering or a utility like Umbrella to handle this task. It's too easy to use a prepaid credit card to buy space on AWS and launch an attack from there.
That said, I have some clients where our company policy is to block a heap of countries because we have poor political relationships with their governments.
I agree, I'm mostly looking for an added layer of protection. We've talked about looking into Umbrella, but until we actually sit down and look into it I'm going to block anything outside the U.S. If someone sets up an AWS or VPN to get around that there's not a lot I can do, but this will give me control of traffic going outside the country at least.
If you have a master list of countries you want to use, you can update it via API. Set it up on one MX the way you want, GET a copy, then PUT it to all the others.
Do note that this will overwrite any other L7 rules you've got in place. So if you've got a set of rules that MX B needs, grab the list of countries from MX A and add it to the MX B return.
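The GET, merge, PUT procedure from the reply above, as an added example that is not part of the original thread or Meraki's own tooling. It assumes the Dashboard API v1 L7 firewall rules endpoint and its `{"rules": [...]}` body; the function names, sample rules and `XA`/`XB` country codes are constructed placeholders.

```python
import json
import urllib.request

BASE = "https://api.meraki.com/api/v1"  # Dashboard API v1 base URL
COUNTRY_TYPES = {"blockedCountries", "allowedCountries"}

# Constructed sample rule lists in the shape of the API's "rules" array.
MX_A = [{"policy": "deny", "type": "blockedCountries", "value": ["XA", "XB"]}]
MX_B = [{"policy": "deny", "type": "host", "value": "example.com"},
        {"policy": "deny", "type": "blockedCountries", "value": ["XC"]}]


def merge_country_rules(template_rules, target_rules):
    """Keep the target's own L7 rules; replace only its country rules."""
    country = [r for r in template_rules if r.get("type") in COUNTRY_TYPES]
    if not country:
        # Refuse to silently strip geo-blocking from every target network.
        raise ValueError("template network has no country rule")
    local = [r for r in target_rules if r.get("type") not in COUNTRY_TYPES]
    return local + country


def _call(method, network_id, api_key, body=None):
    """One request to the network's L7 firewall rules endpoint."""
    req = urllib.request.Request(
        f"{BASE}/networks/{network_id}/appliance/firewall/l7FirewallRules",
        method=method,
        data=json.dumps(body).encode() if body is not None else None,
        headers={"X-Cisco-Meraki-API-Key": api_key,
                 "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def push_country_list(api_key, template_id, target_ids, dry_run=True):
    """GET MX A's rules, merge into each target, PUT only when changed."""
    template = _call("GET", template_id, api_key)["rules"]
    changed = []
    for net in target_ids:
        current = _call("GET", net, api_key)["rules"]
        merged = merge_country_rules(template, current)
        if merged != current:
            changed.append(net)
            if not dry_run:
                _call("PUT", net, api_key, {"rules": merged})
    return changed
```

Run `push_country_list` with `dry_run=True` first and review the returned network IDs before letting it write.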