Configuration Process
Creating a Geographic Filter
Geographic filter configuration involves two primary steps:
Step 1: Define General Settings
- Navigate to Profiles > Inspection Profiles > [Profile Name] > Reputation/Geo
- Click New Geographic or select an existing geographic filter and click Edit
- Configure the following parameters:
- Name: Enter a descriptive name for the filter
- State: Set the filter state (enabled/disabled)
- Locked Status: Configure lock settings
- Action Set: Specify whether to permit or block traffic based on the geographic region
Step 2: Configure Country Criteria
- To add a country, in the Country Criteria section, click "+" to add or countries. This will make the Choose Countries dialog box appear.
- In the Choose Countries dialog, use the Search field to narrow down the list of available countries
- Note: You cannot enter abbreviations or alternative names (e.g., "US" or "America" for "United States")
- Select countries and configure as:
- Inclusions: Select to include the selected countries in the filter
- Exclusions: Select to exclude the selected countries in the filter
- Click OK to save the configuration
Important Configuration Considerations
"Any Country" Behavior
- Every new Geographic filter automatically includes "Any country"
- Once you include a country, TippingPoint SMS removes "Any country" from the filter
- If you only exclude countries, the "Any country" remains.
Inclusions vs. Exclusions
- You cannot include specific and exclude specific countries in the same filter.
- When you exclude a country, TippingPoint SMS automatically includes every other country available in the database
- The action set for the filter determines the actual action (block/permit) assigned to the country
- TippingPoint SMS displays:
- Green check mark icon for included countries
- Red strikethrough icon for excluded countries
Performance Considerations
Creating a Geographic filter for countries with large IP address ranges and significant traffic using the "Notify" action set can adversely affect device performance due to the large number of events generated.
Limitations and Known Issues
Geographic Identification Limitations
- Please note that traffic routed through a VPN, proxy, or other similar IP obfuscating service may result in IP addresses that do not reflect the original source. This behavior is expected and not indicative of an issue with TippingPoint.
- There may be types of addresses, such as private IP ranges, AnyCast networks and CDNs, that will appear as "unknown".
Use Case Example
APLA Region Tracking
To track the APLA (Asia Pacific and Latin America) sales region:
- Create a new Geographic filter
- Include the following countries: Argentina, Australia, Brazil, China, Hong Kong, India, Indonesia, Japan, Mexico, New Zealand, Korea, and Taiwan
- Select the appropriate action set
- Distribute the filter to target devices
Related Information
- For detailed reputation exception procedures, refer to the TippingPoint SMS (Security Management System) User Guide
- Geographic filters work in conjunction with reputation filters and inspection profiles
- Events generated by Geographic filters can be viewed in the TippingPoint SMS Events area and used for reporting