1864 Views, 4 Helpful, 9 Replies

Traffic blocking on FTD using Geolocation doesn't work properly

mikeyasg
Level 1

Dear Community,

Due to excessive malicious attempts against our network, we decided to block traffic that comes from specific countries on our Firepower Threat Defense. But we are still seeing attempts that bypassed the geolocation rule. The log shows that their source address belongs to the location that we added to the geolocation blocking rule. How is this possible? Any idea on how to resolve this issue?

9 Replies

@mikeyasg, by the way, @Aref Alsouqi is the one who wrote this article,
so you have an answer from a professional, @Aref Alsouqi.

Thank you, friend.

As per the link @MHM Cisco World shared, unfortunately the FTD doesn't support blocking the geo traffic to itself. It can apply the enforcement on the transit traffic though, but not the traffic destined to itself.

mikeyasg
Level 1

Thank you @Aref Alsouqi @MHM Cisco World for the support, but what we did is exactly as mentioned in the link. The traffic that we wanted to block was the traffic destined to our internal network and to our DMZ. But we are still getting that traffic.

Friend @Aref Alsouqi mentioned below:

"FTD doesn't support blocking the geo traffic to itself"

So it is an FTD limitation.

This traffic is not destined to the FTD itself; rather, it is going through the FTD to the internal networks. So it should have been blocked unless we missed something.


Can I see the policy you use?

Thanks 

MHM

Is the geodb updated on your FMC? If so, could you please check any of those IP addresses that are still getting through and see if you can find them in the "ipv4_country_code_map" on the FMC? If so, please take the country code and check if that code is associated with the right country in the "geoDBInfo.csv" file on the FTD.
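The check suggested in that reply (take a source IP from a connection event, find its country code in the FMC map, then confirm the code resolves to the intended country on the FTD) is mechanical enough to script. The following is an added example and not Cisco's code or any file from the thread: the layouts of ipv4_country_code_map and geoDBInfo.csv are not shown here, so the sample data below is constructed and assumes a simple "network,country_code" map and a "country_code,country_name" CSV; the log lines are constructed too. The point it makes beyond the reply is the three distinct failure modes a defender should separate before blaming the rule: the IP has no geo entry at all (the rule can never match it), the code exists on the FMC but is unknown or mapped differently on the FTD (database mismatch), or everything resolves correctly and the traffic was still allowed (a real policy or ordering problem).

```python
import csv
import io
import ipaddress
import re

# Constructed stand-in for the FMC's ipv4_country_code_map.
# Assumed layout: "network,country_code" (the real format is not on the page).
COUNTRY_CODE_MAP = """\
198.51.100.0/24,XA
203.0.113.0/24,XB
192.0.2.0/24,XC
"""

# Constructed stand-in for geoDBInfo.csv on the FTD.
# Assumed layout: "country_code,country_name". Note XC is deliberately absent.
GEODB_INFO = """\
XA,Country A
XB,Country B
XD,Country D
"""

# Constructed connection-event lines (not real FTD log output).
LOG_LINES = [
    "2024-01-01T10:00:00 src=198.51.100.23 dst=10.0.0.5 action=allow",
    "2024-01-01T10:00:01 src=203.0.113.7 dst=10.0.0.5 action=block",
    "2024-01-01T10:00:02 src=192.0.2.9 dst=10.0.0.5 action=allow",
    "2024-01-01T10:00:03 src=100.64.0.1 dst=10.0.0.5 action=allow",
]

# Countries the (hypothetical) geolocation rule is meant to block.
BLOCKED_COUNTRIES = {"Country A", "Country B"}

SRC_RE = re.compile(r"src=(\d+\.\d+\.\d+\.\d+)")
ACTION_RE = re.compile(r"action=(\w+)")


def parse_map(text):
    """Return [(ip_network, code)] sorted longest-prefix first."""
    nets = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 2:
            continue
        nets.append((ipaddress.ip_network(row[0].strip()), row[1].strip()))
    nets.sort(key=lambda n: n[0].prefixlen, reverse=True)
    return nets


def parse_geodb(text):
    """Return {code: country_name} from the assumed CSV layout."""
    return {r[0].strip(): r[1].strip()
            for r in csv.reader(io.StringIO(text)) if len(r) == 2}


def lookup_code(ip, nets):
    """Longest-prefix match of a source IP against the country-code map."""
    addr = ipaddress.ip_address(ip)
    for net, code in nets:
        if addr in net:
            return code
    return None


def classify(ip, action, nets, geodb, blocked):
    """Return (code, country, verdict) for one source IP and logged action."""
    code = lookup_code(ip, nets)
    if code is None:
        return None, None, "no_geo_entry"          # rule cannot match this IP
    name = geodb.get(code)
    if name is None:
        return code, None, "code_unknown_on_ftd"   # FMC/FTD database mismatch
    if name in blocked and action != "block":
        return code, name, "leak"                  # resolved correctly, still allowed
    return code, name, "consistent"


def audit(log_lines, map_text=COUNTRY_CODE_MAP, geodb_text=GEODB_INFO,
          blocked=BLOCKED_COUNTRIES):
    """Run the three-way check over every log line and return the findings."""
    nets = parse_map(map_text)
    geodb = parse_geodb(geodb_text)
    findings = []
    for line in log_lines:
        m_src, m_act = SRC_RE.search(line), ACTION_RE.search(line)
        if not (m_src and m_act):
            continue
        ip, action = m_src.group(1), m_act.group(1)
        code, name, verdict = classify(ip, action, nets, geodb, blocked)
        findings.append({"ip": ip, "action": action, "code": code,
                         "country": name, "verdict": verdict})
    return findings


if __name__ == "__main__":
    for f in audit(LOG_LINES):
        print(f"{f['ip']:16} {f['action']:6} {str(f['code']):4} "
              f"{str(f['country']):10} {f['verdict']}")
```

With the constructed data, only the first line is a true "leak" (the IP maps to a blocked country on both boxes yet was allowed); the third line is a database mismatch, and the fourth is an IP the geolocation feature has no entry for at all. Only the first kind is evidence against the rule itself.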
