I currently have a case oven with Meraki support on this issue. Basically, the source country for any give IP can be different between what is being displayed in the security center and the actions you may take under layer 7 blocking (at the least). I've been experiencing hack attempts on FTP server over the last week. Security Center reports that the IP is from Seychelles. I go and block Seychelles but the hack attempts continue. WTF??? Well it appears that the security center uses Cisco SourceFIRE but layer 7 blocking uses Maxmind. I can't believe that cisco wouldn't make sure that the information given in security center matches, across the board, with all other functions within Meraki. Isn't this what we're paying for? Oh, and the exact words from Meraki support - " So if you want to block it in layer 7, you have to put "netherland" (and "turkey" maybe) instead of "seychelles"" Turkey, maybe...? Great! Meraki support doesn't even know.
... View more