Layer 7 - country rules

Gordon
Getting noticed

Layer 7 - country rules

I added a rule to block all traffic not to/from a set list of countries.   I am still seeing traffic coming from countries that are not on the list.  I contacted support and they informed me that the layer 7 rule only applies to outgoing traffic not incoming which doesn't make sense to me.  The rule specifically states to/from so to me that would be both directions.  I understand that blocking by country is not exact but in this case when the system identifies the country and it is not on the list it should be blocked. 

4 Replies 4
SoCalRacer
Kind of a big deal

You might see it in security center. There you can block incoming threats, its not all traffic, but might be good enough.

I see it in the security centre and I have blocked different threats.   

 

It is just if a rule states that traffic not from/to a country is to be denied then, to me that means traffic originating from a country not on the list should be blocked.  And when I check the event logs in the security center it does show that traffic being allowed.

SoCalRacer
Kind of a big deal

Default all countries are allowed. You can block by country in Security Center, that should block inbound not outbound

I don't want to block by country.  

 

The rule states "Deny - countries - Traffic not to/from - list of countries

 

So that to me means that traffic to a country not on the list is denied and traffic from a country not on the list is denied.

 

This is much easier than having about 180 countries on a deny list, much easier to manage.

Get notified when there are additional replies to this discussion.