Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
456
Views
3
Helpful
2
Replies

Cisco ASA and Firepower - GeoFiltering

Go to solution
LovejitSingh130013
Level 1
Level 1

‎04-21-2023 11:01 AM

 

Hello Experts, 

I had Russia blocked as GeoFilter in Firepower and policy is deployed successfully. 

When I run Packet-tracer command, it showed allow.  Is it normal ?  Or my Firepower policy is not in place?

 

Thanks,

 

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Aref Alsouqi
VIP
VIP

‎04-22-2023 01:04 AM

Geolocation filter blocks the transit traffic through the firewall, not the traffic destined to the firewall itself. Please take a look at this post of mine with some examples:

https://bluenetsec.com/ftd-geolocation/

View solution in original post

2 Replies 2

Go to solution
Kasun Bandara
VIP
VIP

‎04-21-2023 07:22 PM - edited ‎04-21-2023 07:36 PM

@LovejitSingh130013  how you ran packet tracer for geofilter? packet tracer is only looking for IP and not for geolocation. additionally, make sure you have correct service rule to traffic filter.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

Go to solution
Aref Alsouqi
VIP
VIP

‎04-22-2023 01:04 AM

Geolocation filter blocks the transit traffic through the firewall, not the traffic destined to the firewall itself. Please take a look at this post of mine with some examples:

https://bluenetsec.com/ftd-geolocation/

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card