Meraki

Community

GEO Blocking for Cloud Print solution

rshappel
Conversationalist
‎Mar 5 2024 8:48 AM
‎Mar 5 2024 8:48 AM

GEO Blocking for Cloud Print solution

Good Day!  We are looking at a cloud print solution from Printix.  All the servers Printix uses are  in the Netherlands.  We GEO Block the Netherlands because of many other bad apples that work from that region.   Is there a way to punch a hole in that GEO block to an IP range?  Can we do it from Layer 3?  We use various MX devices throughout our org.   MX65W, MX64, MX84, MX95, MX100 and have about 95 locations throughout the US, Guam and Puerto Rico. 

 

Thanks for any help!  

Randal Shappell

Make-A-Wish America

Cloud System Admin

Labels:
0 Kudos
3 Replies 3
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 5 2024 8:59 AM
‎Mar 5 2024 8:59 AM

Maybe it can work, but you need to test it first.

 

On the MX, if traffic matches an allow rule on the L3 firewall, it can still be blocked by an L7 firewall rule.

On the MX, HTTP traffic (TCP port 80) to Facebook.com will be blocked by the L7 firewall, because rule 1 under layer 7 explicitly blocks it, even though the traffic was allowed through the layer 3 firewall.

Layer 3 Rules

  1. Matched - Traffic allowed through L3 firewall
  2. Not processed
  3. Not processed

Layer 7 Rules

  1. Matched - Traffic blocked

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Layer_3_and_7_Firewal...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 5 2024 9:02 AM
‎Mar 5 2024 9:02 AM

and you can also block it by Ip range.

 

alemabrahao_0-1709658120564.png

MX Firewall Settings - Cisco Meraki Documentation

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 5 2024 1:59 PM
‎Mar 5 2024 1:59 PM

@alemabrahao has some good suggestions - but on the whole, you can't do this.

 

Hopefully Printix will be able to offer a cloud hosted solution with a public cloud provider in another region.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.