Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1687
Views
5
Helpful
2
Replies

Blocking By GeoLocation for international business teams

Travis-Fleming
Level 1
Level 1

‎06-18-2021 11:56 AM

Hello,

We recently changes our firewall policies on our FMC to block a lot more countries by GeoLocation then we ever have. In the same coin my company does a lot of international business, mostly with Germany, Finland, Norway, Japan, Spain, Canada.

 

When users of our international team come to me saying, hey why can't you just unblock all of Spain for example, is there some Cisco branded documentation or reports that have recent statistics for cybersecurity attacks in 2020 or so by country of origin? That way I can fire back and say, well country X was responsible for Y% of cyber attacks against the US in 2020 type of deal.

 

Right now we have a few companies in Japan we are working with so I've unblocked the individual IP's of their web servers while still blocking Japan as a whole. I guess if there was a report that gave me more of a warm-fuzzy about Japan, or Spain I would be more inclined to unblock that GeoLocation so I can stop playing wack-a-mole.

 

Hope that makes sense.

1 person had this problem
0 Helpful
2 Replies 2

Travis-Fleming
Level 1
Level 1

‎06-18-2021 12:13 PM - edited ‎06-18-2021 12:14 PM

One possible solution I've come up with is to sync the AD security group the international sales team is in and being less strenuous on the countries that are blocked for them. So let the international sales team talk to web servers in Japan, but not your average user.

 

The problem is we also use Citrix Workspaces, and some of the sales team is remote going through a Citrix server, and I've found the user associated with a citrix server isn't always accurate in the firewall logs.

0 Helpful

rschlayer
Level 4
Level 4

‎06-21-2021 12:30 AM

Honestly, I would not block most of Europe.

I only block China und Russia if (and only if) there are no business needs but blocking countries like Spain, Germany etc. seems like asking for trouble. So if your company has business partners in Spain, I would not block Spain for example.

 

Most successful hacks use social engineering or local isp breakouts in the targets location so geo blocks will not help anyway.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card