Block a Country with a Click:
The overwhelming majority of Spam, Malware, and DDoS attacks come from countries outside the United States and from infected machines in global Botnets. Enterprises are working to reduce the attack space by blocking traffic from countries that offer no business value, and by using IP reputation lists to block connections from IP addresses that are tied to malicious activity.
The PoliWall in-line appliance works with existing routers and firewalls to stop threats at the perimeter. With a click on a map, you can block inbound and outbound TCP traffic by country and by managed IP blocklists at line speeds. Cutting the noise at the perimeter decreases the workload on systems deeper inside the network, making routers, firewalls, and IPS/IDS systems more effective at stopping attacks.
- Block IP ranges by country with a click on a map
- Use pre-compiled threat lists to block IPs tied to known botnets and malware
- Throttle bandwidth by country or any IT resource to mitigate DDoS attacks
- Tie allow/deny rules to specific resource groups like a VPN or public web server
- Stop malware & trojans inside the network from communicating out to botnet controllers
- Get automatic updating of IP country ranges and block lists
Today’s Country Blocking Tools Overburden Resources
A common way to block IP traffic at the perimeter is to load large access control lists (ACLs) directly into the router or firewall. The constant manual monitoring and updating of the ACLs costs money in labor, consumes processing power, and creates network latency. PoliWall’s automatic updating of IP country ranges and block lists obviates the high labor costs associated with manually updating ACLs, makes blocking a country as simple as clicking on a geographic map, and keeps device configurations simple so your network is not forced to trade protection for performance.
Country Blocking at HIPPIE® Speed
High-performance environments found in the financial sector and online retail sites rely on low-latency data transfer to protect data and win a competitive edge. PoliWall’s High-Speed IP Packet Inspection Engine (HIPPIE) filters stateful traffic to achieve near-zero latency while maintaining high throughput and TCP connection rates for both inbound and outbound IPv4 and IPv6 traffic. (See Performance Testing with BreakingPoint.)
Control Over IP Filtering Policy
Apply allow/deny country blocking and IP filtering policies individually to any IT resource group such as a VPN, SharePoint, webmail, or public web server. An organization might decide to allow only US inbound and outbound traffic, block millions of blocklisted IP addresses registered in the United States, allow a partner in China access to the public web server, and still give sales staff VPN access while traveling in the blocked country of Brazil.
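The scenario above can be modeled as an ordered policy check. The following is an added example, not PoliWall's code or configuration: the group names, the evaluation order (reputation deny, then explicit exception, then country allow, then default deny) and the address ranges are assumptions, with RFC 5737 documentation ranges standing in for real country allocations.

```python
import ipaddress

# Constructed sample data: RFC 5737 documentation ranges stand in for real
# country allocations and reputation feeds.
COUNTRY_RANGES = {
    "US": ["198.51.100.0/24"],
    "CN": ["203.0.113.0/25"],
    "BR": ["203.0.113.128/25"],
}
BLOCKLIST = ["198.51.100.64/26"]  # listed range registered inside "US" space

# Hypothetical resource groups: allowed countries plus explicit host exceptions.
POLICY = {
    "default":    {"allow": {"US"}, "exceptions": []},
    "public_web": {"allow": {"US"}, "exceptions": ["203.0.113.10/32"]},  # CN partner
    "vpn":        {"allow": {"US", "BR"}, "exceptions": []},  # travelling sales staff
}

def _contains(cidrs, addr):
    return any(addr in ipaddress.ip_network(c) for c in cidrs)

def country_of(addr):
    for cc, cidrs in COUNTRY_RANGES.items():
        if _contains(cidrs, addr):
            return cc
    return None

def decide(ip, group):
    """Return (action, reason). Assumed order: reputation deny, explicit
    exception, country allow, default deny."""
    addr = ipaddress.ip_address(ip)
    rule = POLICY.get(group, POLICY["default"])
    if _contains(BLOCKLIST, addr):
        return ("deny", "reputation list")
    if _contains(rule["exceptions"], addr):
        return ("allow", "explicit exception")
    cc = country_of(addr)
    if cc in rule["allow"]:
        return ("allow", f"country {cc}")
    return ("deny", f"country {cc or 'unknown'}")

if __name__ == "__main__":
    for ip, group in [("198.51.100.10", "default"), ("198.51.100.70", "default"),
                      ("203.0.113.10", "public_web"), ("203.0.113.10", "vpn"),
                      ("203.0.113.200", "vpn"), ("192.0.2.1", "default")]:
        print(ip, group, decide(ip, group))
```

The same partner address is allowed to the public web server but denied on the VPN, which is the check to run when auditing per-resource exceptions: each exception should widen access for one group only.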
In Your Network
The PoliWall is a transparent bridging appliance that is typically installed between the firewall and the border router. Since it is transparent, it can usually be installed with no configuration changes to existing network equipment.
Track. Measure. Report.
PoliWall’s reporting dashboard can give you real-time visualization of your network traffic. Learn what countries are on your network and those blocked by IP reputation lists so you can identify out-of-compliance traffic flows. Create policies and immediately see the impact of those policies by country of origin, IP reputation list, or application resource for inbound and outbound traffic. Financial institutions can also use these reports to show compliance with government regulations like OFAC. The integrated Splunk universal forwarder lets you record high-volume traffic logs for long-term analysis to detect advanced persistent threats. Bandura’s Splunk app provides greater insight into PoliWall log data.
Block Threats with IP Reputation Feeds
In addition to blocking IP addresses originating from countries that offer no business value, you must contend with malicious actors operating in countries allowed by your policy. Many of these offending IPs are monitored by IP threat intelligence providers who provide direct near real-time feeds of detected malicious IP addresses to the PoliWall.
Using PoliWall’s Dynamically-Compiled Exception Lists (DCEL) engine, you can subscribe to commercial or open-source threat intelligence feeds and block all traffic both to and from listed IPs. The PoliWall allows you to configure an acceptable risk level for each of 32 threat categories, tailoring the DCEL engine to your environment and reducing the occurrence of false positives. PoliWall can check each packet against millions of known malicious IP addresses with virtually no impact on network performance.
|How We Compare|
|Point & Click Country Blocking Map|
|Block IP Addresses by Country|
|Block Pre-Compiled IP Threat Lists|
|Automatic Updating of Threat Lists|
|Block Inbound Traffic|
|Block Outbound Traffic|
|Impact of Rules & Threat Lists on Network Latency||High||High||Very Low*|
|Make Exceptions to Blanket Country Blocking Policies|
|Tie allow/deny policies to any internal IT resource (i.e. VPN, SharePoint, Webmail, Public Web Server, VOIP, Spam)|
|Prioritize Bandwidth By Country|
|Bridging Interface||Bypass Mode
1 Gigabit Copper RJ45
1 Gigabit Short-Run Fiber
1 Gigabit Copper RJ45
1 Gigabit Short-Run Fiber
10 Gigabit Copper RJ45
10 Gigabit Short-Run Fiber
|Management Interface||10/100/1000 Copper RJ45||10/100/1000 Copper RJ45||10/100/1000 Copper RJ45||10/100/1000 Copper RJ45|
|High Availability||Not Available||Not Available||Two Bridge Pairs||Two Bridge Pairs|
|Throughput Limits||50 mbs up/100mbs down||1 Gigabit||2 Gigabits||12 Gigabits|
|Processor||Intel||Intel Xeon||Intel Xeon||Intel Xeon|
|Solid State Drive||No||Yes||Yes||Yes|
|Redundant Power Supplies||No||No||Yes||Yes|
|Dimensions & Power|
|Appliance Dimensions||17.25W x 12D x 1.7H (in)||17.25W x 14D x 1.7H (in)||17.25W x 30D x 1.7H (in)||17.25W x 30D x 1.7H (in)|
|Mounting||1U rack mount ears||1U rack mount ears||1U rack mount ears||1U rack mount ears|
|Shipping Weight||15 lbs.||25 lbs.||35 lbs.||35 lbs.|
|AC Power||100-240 VAC||100-240 VAC||100-240 VAC||100-240 VAC|