Overview

Block a Country with a Click:

The overwhelming majority of spam, malware, and DDoS attacks come from countries outside the United States and from infected machines in global botnets. Enterprises are working to reduce the attack space by blocking traffic from countries that offer no business value, and by using IP reputation lists to block connections from IP addresses that are tied to malicious activity.

The PoliWall in-line appliance works with existing routers and firewalls to stop threats at the perimeter. With a click on a map, you can block inbound and outbound TCP traffic by country and by managed IP blocklists at line speeds. Cutting the noise at the perimeter decreases the workload on systems deeper inside the network, making routers, firewalls, and IPS/IDS systems more effective at stopping attacks.

  • Block IP ranges by country with a click on a map
  • Use pre-compiled threat lists to block IPs tied to known botnets and malware
  • Throttle bandwidth by country or any IT resource to mitigate DDoS attacks
  • Tie allow/deny rules to specific resource groups like a VPN or public web server
  • Stop malware & trojans inside the network from communicating out to botnet controllers
  • Get automatic updating of IP country ranges and block lists

Today’s Country Blocking Tools Overburden Resources

A common way to block IP traffic at the perimeter is to load large access control lists (ACLs) directly into the router or firewall. The constant manual monitoring and updating of the ACLs costs money in labor, consumes processing power, and creates network latency. PoliWall’s automatic updating of IP country ranges and block lists removes the high labor costs associated with manually updating ACLs, makes blocking a country as simple as clicking on a geographic map, and keeps device configurations simple so your network is not forced to trade protection for performance.

Country Blocking at HIPPIE® Speed

High-performance environments found in the financial sector and online retail sites rely on low-latency data transfer to protect data and win a competitive edge. PoliWall’s High-Speed IP Packet Inspection Engine (HIPPIE) filters stateful traffic to achieve near-zero latency while maintaining high throughput and TCP connection rates for both inbound and outbound IPv4 and IPv6 traffic. (See Performance Testing with BreakingPoint.)

Control Over IP Filtering Policy

Apply allow/deny country blocking IP filtering policies individually to any IT resource group such as a VPN, SharePoint, webmail, or public web server. An organization might decide to allow only US inbound and outbound traffic, block millions of block-listed IP addresses registered in the United States, allow a partner in China access to the public web server, and still give sales staff VPN access while traveling in the blocked country of Brazil.

In Your Network

The PoliWall is a transparent bridging appliance that is typically installed between the firewall and the border router. Since it is transparent, it can usually be installed with no configuration changes to existing network equipment.

Track. Measure. Report.

PoliWall’s reporting dashboard can give you real-time visualization of your network traffic. Learn what countries are on your network and which are blocked by IP reputation lists so you can identify out-of-compliance traffic flows. Create policies and immediately see the impact of those policies by country of origin, IP reputation list, or application resource for inbound and outbound traffic. Financial institutions can also use these reports to show compliance with government regulations like OFAC. The integrated Splunk universal forwarder lets you record high-volume traffic logs for long-term analysis to detect advanced persistent threats. Bandura’s Splunk app provides greater insight into PoliWall log data.

Block Threats with IP Reputation Feeds

In addition to blocking IP addresses originating from countries that offer no business value, you must contend with malicious actors operating in countries allowed by your policy. Many of these offending IPs are monitored by IP threat intelligence providers, who provide direct, near real-time feeds of detected malicious IP addresses to the PoliWall.

Using PoliWall’s Dynamically-Compiled Exception Lists (DCEL) engine, you can subscribe to commercial or open-source threat intelligence feeds and block all traffic both to and from listed IPs. The PoliWall allows you to configure an acceptable risk level for each of 32 threat categories, tailoring the DCEL engine to your environment and reducing the occurrence of false positives. PoliWall can check each packet against millions of known malicious IP addresses with virtually no impact on network performance.

Client Testimonials

“Within 24 hours of installing the PoliWall, the reporting dashboard showed that we had 38,484 connection attempts from Iran. Blocking these threats is reducing the volume of traffic hitting our network, and the number of security alerts our administrators then have to log and analyze.”
CSO, Financial Institution

“I love this thing! By blocking these threats, our firewall logs now are pretty much clean.”
CSO, Financial Services Client

“We dropped all the needless traffic, realizing a 60% drop in the hours spent managing threats.”
VP Retailer

“One of the most effective and easy products I’ve installed. With a few clicks of a mouse we dropped all the needless traffic from countries like China, Russia and Iran—realized a 60% drop in the number of hours spent managing potential threats on our network.”
Vice President IT CPG Wholesaler

“We tried Packet Viper and it was complicated to configure and took many screens to set up. We did a PoliWall trial and set up was easy, a few quick screens—plug and play and blocking Iran!”
Managed Security Service Provider

Comparison

How We Compare (columns: Routers & Firewalls, Cloud Hosted IP Blockers, PoliWall Appliance)

  • Point & Click Country Blocking Map
  • Block IP Addresses by Country
  • Block Pre-Compiled IP Threat Lists
  • Automatic Updating of Threat Lists
  • Block Inbound Traffic
  • Block Outbound Traffic
  • Impact of Rules & Threat Lists on Network Latency: Routers & Firewalls: High; Cloud Hosted IP Blockers: High; PoliWall Appliance: Very Low*
  • Make Exceptions to Blanket Country Blocking Policies
  • Tie allow/deny policies to any internal IT resource (i.e. VPN, SharePoint, Webmail, Public Web Server, VOIP, Spam)
  • Prioritize Bandwidth By Country
  • Throttle Bandwidth

Models

| | E-Series | M-Series | X-Series | Z-Series |
|---|---|---|---|---|
| Certifications | | | | |
| Common Criteria (*In process) | Not Available | Not Available | PP NNDP (CCF Models) | PP NNDP (CCF Models) |
| FIPS (*In process) | Not Available | Not Available | 140-2 Level 2 with Level 3 Design Assurance (CCF Models) | 140-2 Level 2 with Level 3 Design Assurance (CCF Models) |
| Networking | | | | |
| Bridging Interface | Bypass Mode; Copper RJ45 | Bypass Mode; 1 Gigabit Copper RJ45; 1 Gigabit Short-Run Fiber | Bypass Mode; 1 Gigabit Copper RJ45; 1 Gigabit Short-Run Fiber | Bypass Mode; 10 Gigabit Copper RJ45; 10 Gigabit Short-Run Fiber |
| Management Interface | 10/100/1000 Copper RJ45 | 10/100/1000 Copper RJ45 | 10/100/1000 Copper RJ45 | 10/100/1000 Copper RJ45 |
| High Availability | Not Available | Not Available | Two Bridge Pairs; Active/Standby; Active/Active | Two Bridge Pairs; Active/Standby; Active/Active |
| Throughput Limits | 50 mbs up / 100 mbs down | 1 Gigabit | 2 Gigabits | 12 Gigabits |
| Hardware | | | | |
| Memory | 8GB | 16GB | 16GB | 32GB |
| Processor | Intel | Intel Xeon | Intel Xeon | Intel Xeon |
| Solid State Drive | Yes | Yes | Yes | Yes |
| Redundant Power Supplies | No | No | Yes | Yes |
| Dimensions & Power | | | | |
| Appliance Dimensions | 17.25W x 16D x 1.7H (in) | 17.25W x 16D x 1.7H (in) | 17.25W x 30D x 1.7H (in) | 17.25W x 30D x 1.7H (in) |
| Mounting | 1U rack mount ears | 1U rack mount ears | 1U rack mount ears | 1U rack mount ears |
| Shipping Weight | 15 lbs. | 15 lbs. | 35 lbs. | 35 lbs. |
| AC Power | 100-240 VAC | 100-240 VAC | 100-240 VAC | 100-240 VAC |