Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1560
Views
5
Helpful
1
Replies

Geolocation and prefilter on FTD.

nwtimberlake75
Beginner
Beginner

‎01-08-2021 06:34 AM - edited ‎04-16-2021 10:07 AM

Is there any chance that Geolocation will ever be available for use in prefilter rules?

 

What I would like to do is have a prefilter rule that will exempt certain subnets from undesirable locations - just analyze the traffic and pass onto the ACP, and a second rule with all of the locations that we want to block.

 

This can be done within the ACP, but the powers that be do not feel comfortable with using Geolocation in allow rules (replacing allow "any" with something like allow "obj-geolocation-allow and obj-geoblock-exclude" (this group is specific subnets included in locations not selected in obj-geolocation-allow)).

_cisco.JPG

0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame Community Legend Hall of Fame Community Legend
Hall of Fame Community Legend

‎01-08-2021 09:02 AM

I haven't seen it on any Cisco roadmap so far.

We have also been hoping for Geolocation to be used in a control plane ACL to restrict remote access VPN users.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents