cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Layer 7 rule to block countires

Getting noticed

Layer 7 rule to block countires

I see in the new Security Center there is an option to block IP or block country.  The block country option creates a Layer 7 rule for the corresponding country. 

Does anybody use this?   

It's tempting to block some countries I could never see us sending traffic to or from. 

12 REPLIES 12
Getting noticed

Re: Layer 7 rule to block countires

Yes, We use it for a few... it works pretty well too... we had to remove one country... 

New here

Re: Layer 7 rule to block countires

Different countries are assigned different blocks of IP numbers.  I looked at a list of top hacker countries and blocked all of them that I thought we would never have any dealings with.   It's a good idea to block bots and porn under content filtering lots of infections come in that way.

 

 

 

blocked countries.JPG

New here

Re: Layer 7 rule to block countires

Be mindful that a long list of countries can cause TCP timeouts on your internet connections.  It happened to me.  It's great that Meraki has a very easy-to-use packet capture tool to troubleshoot the issue.

Meraki Employee

Re: Layer 7 rule to block countires

Sometimes our customer get frequent attacks from specific countries, which Geo-based Firewall rules can help in mitigating any risks while investigating who is the attackers and how to apply rules to block them.

Highlighted
Here to help

Re: Layer 7 rule to block countires

Is there an easy way to block specific countries (specifically emails from China) if we do not have the advanced security license?

Meraki Employee

Re: Layer 7 rule to block countires

You might need to consider email filtering solution to filter out email from certain countries. 

Comes here often

Re: Layer 7 rule to block countires

Will Meraki SD-WAN have the all the MX Enterprise and or Advanced security features integrated?

Meraki Employee

Re: Layer 7 rule to block countires

I am not sure if I get your question but could you elaborate more about the integration you are looking for?

Comes here often

Re: Layer 7 rule to block countires

With Meraki SD-WAN, what are the security features/ licenses the MX will be provided with. Is Meraki looking to have source fire, NGIPS and Meraki insights? Thank you.  

Meraki Employee

Re: Layer 7 rule to block countires

@Chandra2 Meraki MX has 2 licenses, Enterprise and Advanced Security. All the SD-WAN features (Auto VPN, traffic shaping, Policy based routing, etc.) are a part of the Enterprise License. Meraki Insight is a separate product and requires its own license.

 

For more info on what's included with the 2 separate MX license, you can look here under "MX licensing options"

 

Screen Shot 2018-12-17 at 1.48.45 PM.png

Meraki Employee

Re: Layer 7 rule to block countires

Meraki SD-WAN is feature that available on both Enterprise and Advanced so if you are looking for IPS, Content filtering, you will need to go with the Advanced license and this will still cover SD-WAN. Meraki Insight is additional license to the MX in general that you can buy on top of either Enterprise or Advanced license of the MX.

In regards Cisco SourceFire and NGIPS, we keep integrating with Cisco product more and more whenever we see benefits to do so.
Here to help

Re: Layer 7 rule to block countires

We've found it useful to just allow certain countries rather than deny a huge list.

 deny.png

 

 

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.