06-27-2023 06:20 AM
Dear Community,
Due to excessive malicious attempts against our network, we decided to block traffic coming from specific countries on our Firepower Threat Defence. But we are still seeing attempts that bypassed the geolocation rule. The log shows that their source address belongs to the location that we added to the geolocation blocking rule. How is this possible? Any idea on how to resolve this issue?
06-27-2023 06:25 AM - edited 06-27-2023 06:26 AM
06-27-2023 07:25 AM
@mikeyasg, by the way, @Aref Alsouqi is the one who wrote this article.
So you have an answer from a professional, @Aref Alsouqi.
06-27-2023 07:46 AM - edited 06-27-2023 07:46 AM
06-27-2023 07:17 AM - edited 06-27-2023 07:18 AM
As per the link @MHM Cisco World shared, unfortunately the FTD doesn't support blocking geo traffic destined to itself. It can apply the enforcement on transit traffic, but not on traffic destined to itself.
06-29-2023 05:13 AM
Thank you @Aref Alsouqi @MHM Cisco World for the support, but what we did is exactly as mentioned in the link. The traffic that we wanted to block was the traffic destined to our internal network and to our DMZ. But we are still getting that traffic.
06-29-2023 05:18 AM
Friend, @Aref Alsouqi mentioned below:
"FTD doesn't support blocking the geo traffic to itself"
So it is an FTD limitation.
06-29-2023 05:34 AM
This traffic is not destined to the FTD itself; rather, it is going through the FTD to the internal networks. So it should have been blocked unless we missed something.
06-29-2023 06:01 AM
Can I see the policy you use?
Thanks
MHM
06-29-2023 06:43 AM
Is the GeoDB updated on your FMC? If so, could you please check any of those IP addresses that are still getting through and see if you can find them in the "ipv4_country_code_map" on the FMC? If so, please take the country code and check whether that code is associated with the right country in the "geoDBInfo.csv" file on the FTD.
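The cross-check suggested in the post above, as an added example that is not part of the thread or of any Cisco tooling: take a source address from the log, find its country code by longest-prefix match in a prefix-to-code map, then resolve that code to a country name in a code,name CSV and see whether it falls under the blocked set. The prefix map and CSV contents below are constructed sample data, and their layout (a whitespace-separated prefix/code list and a two-column CSV) is an assumption standing in for whatever the real "ipv4_country_code_map" and "geoDBInfo.csv" contain; point the parsers at the real files once you have confirmed their format.

```python
import csv
import io
import ipaddress

# Constructed sample data, not real GeoDB content. The layout of the
# real FMC "ipv4_country_code_map" and FTD "geoDBInfo.csv" is assumed.
PREFIX_MAP_TEXT = """\
# prefix country_code
203.0.113.0/24 KR
198.51.100.0/24 US
198.51.100.128/25 CN
192.0.2.0/24 RU
"""

GEODB_INFO_CSV = """\
code,country
US,United States
CN,China
RU,Russia
KR,Korea (South)
"""

# Hypothetical set of countries the geolocation rule blocks.
BLOCKED_COUNTRIES = {"CN", "RU"}


def parse_prefix_map(text):
    """Parse 'prefix code' lines into (network, code), most specific first."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        prefix, code = line.split()
        entries.append((ipaddress.ip_network(prefix), code))
    # Longest prefix first so an overlapping, more specific entry wins.
    entries.sort(key=lambda e: e[0].prefixlen, reverse=True)
    return entries


def parse_geodb_info(text):
    """Map country code -> country name from a code,country CSV."""
    return {row["code"]: row["country"] for row in csv.DictReader(io.StringIO(text))}


def lookup_code(ip, entries):
    """Return the country code of the most specific prefix containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    for net, code in entries:
        if addr in net:
            return code
    return None


def check_ip(ip, prefix_map_text=PREFIX_MAP_TEXT, geodb_csv=GEODB_INFO_CSV,
             blocked=BLOCKED_COUNTRIES):
    """Return (code, country_name, should_be_blocked) for a logged source address.

    A hit with should_be_blocked=True that still appears in the allow logs
    means the problem is not the GeoDB mapping but the rule or its placement.
    """
    entries = parse_prefix_map(prefix_map_text)
    names = parse_geodb_info(geodb_csv)
    code = lookup_code(ip, entries)
    name = names.get(code) if code else None
    return code, name, code in blocked


if __name__ == "__main__":
    for ip in ("198.51.100.200", "198.51.100.10", "203.0.113.5", "10.0.0.1"):
        print(ip, check_ip(ip))
```

If the code the FMC map returns resolves to a different country name on the FTD than the one the rule names, the two GeoDB copies are out of step and the rule is matching on stale data; if code, name and blocked status all line up, the address should never have matched an allow rule and the access control policy itself is the next thing to inspect.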