Date: 08-07-2024 02:58 PM
Hello.
I have an ASA 5525-X with Firepower.
I want to block all traffic to the Web Server except from certain countries, but it doesn't work properly.
My firewall is separated into ASA and Firepower (I manage it in FMC).
These are my rules ↓
===============================================================
1. ASA Rule
Any -> Web Server ALLOW
2. Firepower Rule (FMC)
South Korea, Japan -> Web Server ALLOW
Any -> Web Server BLOCK
==============================================================
But the Web Server engineer told me that the Web Server had a lot of connection logs from other countries (US, Italy, Brazil...).
When I tested my rule, I couldn't open the web page in my browser, but the Web Server still had a connection log (my PC IP / GET / HTTP 1.1 404... something like that).
Therefore, I think Firepower blocks the web browser connection well, but it can't block the TCP handshake and HTTP signal properly.
And I found that the firewall passes the TCP handshake and HTTP signal packets in the firewall packet capture.
I have to block traffic from hundreds of countries, so I can't make block rules manually.
I tried changing the action to 'Block with reset', but it didn't work.
Can you give me some advice?
Solved! Go to Solution.
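One check a practitioner would run before touching the rules is to audit the web server's own access log against the intended policy (allow KR and JP, block everything else) and list exactly which requests reached the server from sources that should have been dropped. This is an added example, not code from the original post or from Cisco: the IP-to-country table, the log lines and the `Leak`/`audit` names are constructed placeholders; a real run would use a GeoIP database such as MaxMind GeoLite2 and the server's actual combined-format log.

```python
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass

# Constructed IP-prefix -> ISO country table (placeholder for a real GeoIP
# database such as MaxMind GeoLite2; all prefixes are documentation ranges).
GEO_PREFIXES = {
    ipaddress.ip_network("203.0.113.0/24"): "KR",
    ipaddress.ip_network("198.51.100.0/24"): "JP",
    ipaddress.ip_network("192.0.2.0/25"): "US",
    ipaddress.ip_network("192.0.2.128/25"): "BR",
}

# The intended policy from the post: only South Korea and Japan may reach the
# web server; everything else, including sources we cannot geolocate, is blocked.
ALLOWED_COUNTRIES = {"KR", "JP"}

# Apache/nginx combined log format: ip ident user [timestamp] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)

# Constructed sample access log: two KR/JP clients and two that the policy should have dropped.
SAMPLE_LOG = """\
203.0.113.10 - - [07/Aug/2024:14:58:01 +0900] "GET / HTTP/1.1" 200 512
192.0.2.55 - - [07/Aug/2024:14:58:03 +0900] "GET / HTTP/1.1" 404 198
198.51.100.7 - - [07/Aug/2024:14:58:05 +0900] "GET /index.html HTTP/1.1" 200 1024
192.0.2.200 - - [07/Aug/2024:14:58:09 +0900] "GET /wp-login.php HTTP/1.1" 404 198
"""


@dataclass
class Leak:
    """One request that reached the server although the policy says it should not have."""
    ip: str
    country: str
    request: str
    status: int


def country_for(ip: str) -> str:
    """Return the ISO country code for an IP, or '??' if it is invalid or not in the table."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "??"
    for net, cc in GEO_PREFIXES.items():
        if addr in net:
            return cc
    return "??"


def policy_action(country: str) -> str:
    """First-match evaluation of the two-rule policy: allow-listed countries pass,
    any other source (unknown ones included, so the check fails closed) is blocked."""
    return "ALLOW" if country in ALLOWED_COUNTRIES else "BLOCK"


def audit(lines) -> list:
    """Return every request that reached the web server from a source the policy
    says should have been blocked. Lines that do not parse are skipped."""
    leaks = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        cc = country_for(m["ip"])
        if policy_action(cc) == "BLOCK":
            leaks.append(Leak(m["ip"], cc, m["req"], int(m["status"])))
    return leaks


def leaks_by_country(lines) -> Counter:
    """Count leaked requests per source country: the summary to bring to the firewall team."""
    return Counter(leak.country for leak in audit(lines))


if __name__ == "__main__":
    for leak in audit(SAMPLE_LOG.splitlines()):
        print(f"{leak.ip:15} {leak.country} {leak.status} {leak.request}")
    print(dict(leaks_by_country(SAMPLE_LOG.splitlines())))
```

Feed it the real access log (one line per request) and swap the prefix table for a GeoIP lookup; any entry it reports is a connection the firewall let through at least as far as the HTTP request, which is the symptom described in the post. Treating an unknown country as BLOCK keeps the audit conservative: an address the geolocation source cannot place is counted as a leak rather than silently ignored.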
Date: 08-08-2024 03:55 PM
I found out why I had the problem.
You can refer to the comment by John Telford in the link.
FirePOWER Geo Blocking not working - Cisco Community