Geolocation blocking question

Eric Z
Level 1

I'm trying to understand the way the Firepower 2100 series blocks source and destination connections.  If I have Russia source connections blocked and I open a Russian website from my internal network, will that website be displayed?  In other words, is the firewall smart enough to know that any replies from that website are part of my original sourced connection and allow that particular traffic from Russia back in, or will it allow the URL request to be sent out but block any data coming back?

1 Accepted Solution

Accepted Solutions

M02@rt37
VIP

Hello @Eric Z,

if you block source connections from Russia but allow an internal user to access a Russian website, the initial request will be allowed to go out based on your rule. When the response comes back from the Russian website, the firewall will recognize it as part of the established connection and allow that traffic back into your network, as it's considered a valid response to the initiated connection.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

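A toy stateful model of the behaviour described in the accepted answer, added here as an illustration; it is not code from this thread or from Cisco, and the address prefixes, the internal range and the tuple-based state table are assumptions. It also shows the contrast when Russia is additionally blocked as a destination: the request is dropped before any state exists, so no reply can ever match.

```python
import ipaddress
from dataclasses import dataclass

# Constructed geolocation table (prefix -> country); documentation range, not a real allocation.
GEO_TABLE = {
    ipaddress.ip_network("203.0.113.0/24"): "RU",  # stands in for the Russian website's range
}
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # the asker's internal network (assumed)


def country_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    return next((cc for net, cc in GEO_TABLE.items() if addr in net), "??")


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool  # True = first packet of a new connection


class StatefulGeoFirewall:
    """Toy model: geo rules apply to new connections only; replies are matched against state."""

    def __init__(self, blocked_source, blocked_destination=()):
        self.blocked_src = set(blocked_source)
        self.blocked_dst = set(blocked_destination)
        self.conntrack = set()  # 4-tuples of connections initiated from inside

    def process(self, pkt: Packet) -> str:
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if flow[2:] + flow[:2] in self.conntrack:
            return "ALLOW (established)"  # reply to a connection we opened; geo rules not consulted
        if country_of(pkt.src) in self.blocked_src:
            return "DROP (source geo)"
        if country_of(pkt.dst) in self.blocked_dst:
            return "DROP (destination geo)"
        if pkt.syn and ipaddress.ip_address(pkt.src) in INTERNAL:
            self.conntrack.add(flow)  # remember the outbound connection so its replies match
        return "ALLOW (new)"


def scenario(block_destination_too: bool = False) -> dict:
    """Outbound request to a 'Russian' host, its reply, and an unsolicited inbound connection."""
    fw = StatefulGeoFirewall({"RU"}, {"RU"} if block_destination_too else ())
    request = Packet("10.1.2.3", 50000, "203.0.113.10", 443, syn=True)
    reply = Packet("203.0.113.10", 443, "10.1.2.3", 50000, syn=False)
    unsolicited = Packet("203.0.113.77", 40000, "10.1.2.3", 22, syn=True)
    return {name: fw.process(p) for name, p in
            (("request", request), ("reply", reply), ("unsolicited", unsolicited))}
```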

5 Replies


I don't think so.

M02@rt37
VIP

@Eric Z 

I've just tested with 2 different FWs, and I have different behavior lol.

Second effect: Even if the response from the Russian website is part of the established connection, it is not allowed back into the network because the source of the connection (my internal network) is blocked from communicating with Russian IPs. The firewall enforces the rule based on the source of the traffic.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Thank you for testing this out!  I'm a little confused... You ran 2 tests with 2 differently configured FWs (either firmware or firewalls?).  The first effect I'm assuming is like what you described in your first response, but the second effect sounds like you had incoming and outgoing connections blocked?  But if that was the case then you wouldn't have gotten a response from the Russian site because they wouldn't have gotten your request to begin with.  Just a little confused.

@Eric Z 

Consider the First answer.

Thanks.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.