Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
573
Views
0
Helpful
1
Replies

Question: On FMC Access Control Rule - Is Source and Destination Networks an OR Operator?

Lucas Phelps
Level 5
Level 5

‎05-08-2018 10:02 AM - edited ‎02-21-2020 07:44 AM

I've created a Geolocation list of countries I want to block.   Do I put it in my Access Control list as the destination network, source network, or both?

 

If I put the geo list in both, does the FMC interpret it as an AND operator?  Meaning the traffic has to be sourced from and destined to the bad countries?   Or is it one or the other?

 

Thank you!

Labels:
0 Helpful
1 Reply 1

mikael.lahtela
Level 4
Level 4

‎05-09-2018 12:43 AM

Hi,

The AP rule is "and" rule, so if everything matches in the rule it will use that rule.
If I understand your question correctly if you have blacklist source geo and blacklist destination geo the traffic will block between blacklisted countries, but not if one of them are "white".

br, Micke
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card