|More than 250 territories||yes||yes||yes||yes|
Number of territories that can be blocked
at the same time
|Port range exceptions for blocked territories||5||1||5||50|
|Port ranges per port range exception||3||1||3||10|
|Logging into a file||yes||no||no||yes|
|Real-time activity log||yes||yes||yes||yes|
|System tray icon||yes||yes||yes||yes|
|Rules for blocking/allowing territories||yes||no||yes||yes|
|Import and Export of rules into a file||yes||no||yes||yes|
|Import of rules with a doubleclick on a file||yes||no||yes||yes|
|Geo database auto-download
for 30 days
for 180 days
for 1 year
for 1 year
|Complimentary technical support for 1 year
*See end user license agreement for details.
|Background without a watermark||no||no||yes||yes|
|License to use for more than 30 days||no||yes||yes||yes|
|Price (in USD)||-||Free||$16.95||$22.95|
|Latest release||4.1 , 12 Dec 2022 , [Change Log, Previous Releases]|
|Supported networking||Ethernet, IPv4, IPv6, TCP, UDP.|
|Traffic filtering engine||Kernel-mode network driver.|
|Prerequisites||.NET 4.5.2, up-to-date root certificates (or it will take 2 minutes to start).|
Windows 7*, 8, 8.1, 10, 11, Server 2008 R2*, Server 2012, Server 2012 R2, Server 2016, Server 2019, Server 2022.
*For Windows 2008 R2 and 7, required Service Pack 1 + KB3033929 (SHA-2 digital signing).
*For Windows 8.1, Server 2012 R2, required KB2995730.
|Recommended hardware||CPU 1GHz and above, modern graphics card.|
|Additional hardware required||none|
Very few people realize that a large number of security threats comes from the limited number of countries that ignore cyber threats until they reach dangerous proportions. In such countries, web servers are frequently compromised and infected with various malware. As a consequence, those who visit them are running the risk of being infected with malware. Quite often, Internet users are totally unaware of the location of servers just as they are unaware of where web links are taking them. Geo Firewall shows which countries are being accessed. It allows to block geographical regions, individual countries, and custom networks.
Up until recently, the geographical (Geo-IP) blocking was only available to large companies with sophisticated and expensive hardware firewalls. Now, Geo Firewall brings such security to laptops, desktops, and cloud servers. Once geographical blocking rules are set, the computer is protected from reaching the blocked territories. Geo Firewall is a security software that allows to separate the countries you trust from those that you don't. It is compatible with most other security software. The more levels of defense there is, the harder it is to breach.
The operation of Geo Firewall is straightforward. The tree-like list contains geographical territories that are used for creating rules: checked (blocked) or unchecked (allowed). The toolbar and the menu contain operations that can be performed on the territories. The rules work on IPv4/IPv6, TCP, and UDP network protocols.
A checkmark on a geographical territory designates it as blocked. The search for individual countries by their name among 250+ available territories could be a daunting task. The text search bar helps to make it easy by showing only the countries containing a certain text in their name. Click button on the toolbar and only the countries containing specified text will stay visible.
Rules are automatically applied after every change with a default delay of 1 second. The delay can be changed within Settings to allow more changes to be performed before the wait cursor comes up. The program acts as a Windows service. So the rules are in effect while the "Geo Firewall" service is running. The last rules are automatically loaded upon "Geo Firewall" service start.
To protect rules from accidental changes, read-only mode can be activated with button.
Geo Firewall rules allow to block or to allow whole countries and networks. When used on servers, there are cases when computers from the blocked countries need to have access to only a certain range of TCP or UDP ports. In such cases, Port Exceptions allow to specify exclusions from the blocking rules. Each Port Exception can have multiple port ranges that allow network traffic to local TCP/UDP ports. Each Port Exception can also be bound to (associated with) multiple geographical territories, but a geographical territory can be bound only to (associated with) a single Port Exception.
Check marks on countries in Geo Bindings denote the presence of the binding (association). The Geo Bindings are persistent and do not change when associated countries change between blocked and allowed. However, they have effect only on countries that are blocked (countries that are allowed allow all traffic anyway).
In addition to geographical territories, Geo Firewall also understands and works with reserved networks. These are the networks used by computers to communicate with other computers and routers on local networks. Reserved networks can be found under [Reserved Networks IPv4] and [Reserved Networks IPv6].
Reserved networks are pre-defined, and although they can be blocked or allowed, their definitions cannot be edited. It is highly recommended not to block them to avoid unusual networking situations.
Some may ask: what happens if [Reserved Networks] are blocked? Nothing dangerous, really. The computer just would not be able to reach other computers around it to obtain a new IP address or to resolve domain names.
In addition to pre-defined geographical territories and reserved IPv4/IPv6 networks, Geo Firewall allows to add user-defined networks. User-defined networks show up under [User-Defined Networks] region.
To edit user-defined networks, click on the toolbar. Since IPv4 and IPv6 networks have different formats of IP addresses, they are kept separately during editing.
When editing user-defined networks, the networks can overlap with other user-defined networks or with pre-defined geographical
In such cases, there is an order of precedence for determining which rules are actually in effect for an IP address.
The more specific
networks (those that have greater network mask) always take precedence over less specific networks.
For example, the network 192.168.1.1/32 is more specific than 192.168.0.0/16, hence the rules for 192.168.1.1/32 will take precedence during communication with 192.168.1.1.
A common way to unblock any specific network within already blocked country is to create a user-defined network which is not blocked (unchecked) or to add it to a white list of networks.
IP Geo Lookup is a great way to determine which network rules take precedence. The more specific networks (those that take precedence) are listed at the top.
Statistics makes it easy to understand where the traffic is
going to or coming from. Live statistics is presented in as a chart and
Statistical data is acquired/refreshed according to statistical refresh interval within Settings. The data
is also retired (removed) according to Remove Inactive Items settings.
The settings for statistics can be adjusted to include or exclude non-country records.
The collection and visualization of statistical data impacts CPU performance. On laptops and desktops there may be no significant difference. However on servers with weak graphics cards that operate at high CPU utilization, disabling of statistics or even increasing of the refresh interval does significantly improve the overall system performance.
Logging helps to see the historical performance of rules. Logging can be directed into
the log file (in CSV format) with a daily log file rotation.
The refresh rate of the visual log can be adjusted via Settings.
Just like with statistics, logging has an impact on CPU performance. So, disabling or even increasing a refresh period may significantly improve the overall system performance.
Geo Firewall settings can be changed via Settings .
Blocking Action allows to specify the action to be performed on the traffic that is being blocked. It is applied to all blocked territories and networks. If the action is unchecked, blocking would not happen for that particular traffic direction.
Geo Firewall is filtering connections and conversations over the network. The traffic can be allowed in one direction, but prohibited in the opposite direction. Whenever the traffic starts in the allowed direction, Geo Firewall automatically allows traffic in directly opposite direction only to that specific communication point. Timeouts specify how long the opposite direction for the connection point is open.
Example: Outgoing traffic to 'Fiji' is allowed, but the incoming traffic is blocked. In such case, a computer with Geo Firewall connecting to a website (via TCP) on 'Fiji' would be able to receive replies from 'Fiji' website until no packets are exchanged (the silence) for "TCP connection idle timeout" milliseconds.
Example: Outgoing traffic to 'Fiji' is allowed, but the incoming traffic is blocked. In such case, a computer with Geo Firewall issuing a 'ping' to a server on 'Fiji' would be able to receive a reply within 'IP-IP conversation idle timeout' milliseconds.
The activity log can be enabled or disabled. The disabling of activity log significantly improves overall system performance due to reduction in graphics redraws. The log can be persistent (stored to a hard drive) as a text file in CSV format. A log file contains records for a single day (until the midnight). Log files are automatically appended with the date of their creation. By default (when enabled), the persistent log files are stored into a system location accessible only by computer administrators. The location is recommended to be changed. The time zone for the events stored within the persistent log file can be GMT or based on the local time of the system where the Geo Firewall user interface runs.
Statistical data could be accumulated for a long time. It is aggregated in a way similar to log events. Inactivity timeout allows to remove from live statistics the events that happened some time in the past and did not recently happened for the specified timeout time.
White list of networks allows to specify the networks that will never be blocked. It usually contains IP addresses of local computers or administrative servers.
Geo definitions (Geo IP) database contains mappings between geographical territories and IP addresses. This database is in proprietary format. The program comes within the internal (embedded) Geo IP database that is used right after install. Updates to the Geo IP database can be downloaded from our website using this settings page. Depending on the product edition, the database can be set to update automatically at predefined time. The initial time is generated randomly upon the first program startup. The downloaded Geo IP databases are stored locally and can be applied manually when auto update is not enabled.
* Windows® is a registered trademark of the Microsoft Corporation.