Layer 7 - country rules

Gordon
Getting noticed


I added a rule to block all traffic not to/from a set list of countries. I am still seeing traffic coming from countries that are not on the list. I contacted support and they informed me that the layer 7 rule only applies to outgoing traffic, not incoming, which doesn't make sense to me. The rule specifically states to/from, so to me that would be both directions. I understand that blocking by country is not exact, but in this case, when the system identifies the country and it is not on the list, it should be blocked.

SoCalRacer
Kind of a big deal

You might see it in security center. There you can block incoming threats; it's not all traffic, but might be good enough.

I see it in the security centre and I have blocked different threats.

It is just that if a rule states that traffic not from/to a country is to be denied, then to me that means traffic originating from a country not on the list should be blocked. And when I check the event logs in the security center it does show that traffic being allowed.

SoCalRacer
Kind of a big deal

By default, all countries are allowed. You can block by country in Security Center; that should block inbound, not outbound.

I don't want to block by country.

The rule states "Deny - countries - Traffic not to/from - list of countries".

So that to me means that traffic to a country not on the list is denied and traffic from a country not on the list is denied.

This is much easier than having about 180 countries on a deny list, much easier to manage.
