Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
handiansudianto
Advisor

Block Countries

Hello,

If i have 2 rule like :

1st rule : source : country_A, dst : any, action : drop

2nd rule : source : LAN, dst : any, action : accept

 

With 2 kind of rule, will our internal rule will be block if our user access website located in country_A?

 

0 Kudos
4 Replies
G_W_Albrecht
Legend Legend
Legend

Should block the answering package from country_A, but not the first one from user to website located in country_A.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
handiansudianto
Advisor

so when a user access website A located in country_A and because country_A only respond the traffic, so the user can access the website A. But if some host in country_A try to initiate the traffic to our internal resource, so the traffic will be blocked. Am i right?

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Better verify this in LAB !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
the_rock
Legend
Legend

Yea, that sounds about right. All you need to remember is this...like with pretty much any firewall vendor in the world, policy is "measured" top to bottom, left to right, so based one xample you gave, INBOUND traffic from country_A would be blocked no matter what, as that rule comes first.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events