cancel
Showing results for 
Search instead for 
Did you mean: 

Geoblocking causes Facebook to be unavailable?

New here

Geoblocking causes Facebook to be unavailable?

It didn't make sense to me, but the morning after I installed an MX-64 with advanced security, the client site was unable to get to Facebook. It seems to be Geoblocking doing it because once I removed the rule, the users were able to load FB in their browsers.

 

I had the layer 7 rule configured such that only traffic from the US and Canada was allowed (client site in the US).

 

I pinged and traced to Facebook from the client site, and it was a few hops away in a DFW data center (at least the farm my client network hits). I could ping it, traceroute to it, but not connect on port 80 or 443 to it. 

 

Any idea what I am not seeing?

 

Thanks,

 

Dallas

5 REPLIES 5
Head in the Cloud

Re: Geoblocking causes Facebook to be unavailable?

Take a closer look at the traffic (packet capture) when you load a FB page.  You will see it loads content from dozens if not hundreds of sites and many of them may be outside the US.

 

 

Head in the Cloud

Re: Geoblocking causes Facebook to be unavailable?

Or it is also possible the geolocation database has some incorrect information too.  Either way, if you try to lock your network down to US and Canada traffic only you will need to be prepared to start whitelisting things.

Kind of a big deal

Re: Geoblocking causes Facebook to be unavailable?

And when you block stuff with those layer 7 rules it makes it hard to diagnose what to whitelist because the blocks don't show up in the event logs.  

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
New here

Re: Geoblocking causes Facebook to be unavailable?

Going to verify with packet captures, but adding Ireland back in did the trick.

 

I have (on other sites with less restrictive lists) had to add Singapore, Australia, and the UK for all our agents to show up in the WebrootPortal.

Kind of a big deal

Re: Geoblocking causes Facebook to be unavailable?

A modern web page is made of of lots and lots of components.  Many of these components are from third parties.  Simply testing access to facebook.com is not sufficient.

 

My guess is something that the Facebook page is dependent on is falling into the geo block.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.