Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3884
Views
0
Helpful
1
Replies

ASA 5516 / FirePower - GEO Blocking Question

Quintin.Mayo
Level 3
Level 3

‎05-20-2020 10:29 AM

Hi,

 

We realized that we have a number of countries in access control policies where traffic is blocked coming into the network but a lot of these countries are not selected in object management. This might be a misunderstanding on our part, but we thought that the countries needed to be selected in object management for the geo location block to work. I'll attach screenshots for this as well, our apologies if this is a misunderstanding on our part.  

 

Also,

We have been trying to locate documentation on how to setup geo blocking, can anyone provide a link for this?

 

Thanks,

Preview file
104 KB
Preview file
163 KB
Preview file
40 KB
Preview file
84 KB
0 Helpful
1 Reply 1

tebedwel
Cisco Employee
Cisco Employee

‎05-20-2020 11:29 AM

Hello Quintin,

     You do not have to do anything within object management. Simply adding the Geo criteria (Country/Continent) to the rule is sufficient. The object manager allows you to create your own named groups of country/continent that can then be used in the Access Rule. Leveraging the object mechanism on FMC is generally optional as most columns in the access rules allow literal values as well as objects.

 

I hope it helps!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card