- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Where can I find if a site is being blocked by Layer 7 country blocking?
I have enabled Layer 7 blocking of all traffic that is NOT from/to United States, United Kingdom, Canada, Mexico because we do no business outside these countries. However, I've found that users on local internet cannot access Netflix occasionally on our Guest WiFi.
Is there any logging to see if site access is being denied by this layer 7 rule?
Solved! Go to solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It is definitely not logged. I've worked with support on this and it drives me crazy that it doesn't get logged somewhere. Makes troubleshooting a lot more difficult. Equally silly is that you can't whitelist an IP to avoid it from being blocked by the Layer 7 country firewall. So if you have a website that you need to get to that is in a country you have blocked. You have to unblock that whole country.
Note: I know country blocking is not an iron clad security practice. Layered defense my friends.
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I don't think there's any logging but you could do a packet capture to see what's happening as well.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks. I turned off the rule then looked at traffic analysis for Netflix application and found that it reaches out to Ireland for some cases. I allowed Ireland in the country list and that fixed it this time. I was just hoping there was a event viewer that I was missing that showed the layer 7 blocking. That would be a nice filter to see.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I hear the tax situation in Ireland is beneficial 😉
Glad you got it sorted out!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It might be visible under:
Security Appliance/Security Centre/Events
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@PhilipDAthwrote:It might be visible under:
Security Appliance/Security Centre/Events
No dice unfortunately. I navigated to the government of Brazil website about 2 hours ago as we block Brazil and I just checked the events and the most recent one is from March 25th. I guess that's a good thing, haha.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It is definitely not logged. I've worked with support on this and it drives me crazy that it doesn't get logged somewhere. Makes troubleshooting a lot more difficult. Equally silly is that you can't whitelist an IP to avoid it from being blocked by the Layer 7 country firewall. So if you have a website that you need to get to that is in a country you have blocked. You have to unblock that whole country.
Note: I know country blocking is not an iron clad security practice. Layered defense my friends.
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
And this is another wish. It would be nice if the end user got some kind of splash screen if they tried going to a website hosted in a country that's blocked. Instead they think there's a problem with "the internet".
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@mmmmmmark wrote:And this is another wish. It would be nice if the end user got some kind of splash screen if they tried going to a website hosted in a country that's blocked. Instead they think there's a problem with "the internet".
Agreed right now they get no message and, worst yet, it doesn't even get logged in the event log for us to identify.
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yea, I lost so much time in the past trying to track down websites that wouldn't load for clients due to country blocking that I've all but disabled it across all my clients. It's just not worth the trouble presently.
It needs a end-user splash page, event logging, and a way to bypass single domains/IP's vs. having to open the entire country.
