Tuesday, July 16, 2019

FirePOWER - Can't get geoblocking to work.

Hey all,

I'm trying to implement a geoblock for China but it doesn't seem to be working. I've not really touched FirePOWER before so I'm not sure if I'm doing something wrong, but here's the configuration:

Action: Block with reset
Source Networks: China + One IP in another country for testing
Destination Networks: 192.168.100.0/24
Selected Source Ports: Any
Selected Destination Ports: FTP

The rule is placed as rule 1 inside my policy and has been deployed to my HA pair without issues, but it seems to be getting no rule hits and I'm still able to nmap the ports from my specific public IP mentioned above.

My intrusion policy on the rule is set to "None" but I'm unable to change it so I'm going to assume that's normal while blocking is the chosen action.

Any thoughts?

===============[ Rule Set: (User) ]================
----------[ Rule: Block China to DMZ FTP ]----------
Action : Block-with-reset
ISE Metadata :
Source Networks : Public IP
                  China
Destination Networks : 192.168.20.221
Destination Ports : FTP (protocol 6, port 21)
URLs
Logging Configuration
DC : Disabled
Beginning : Disabled
End : Disabled
Files : Disabled
Safe Search : No
Rule Hits : 0
Variable Set : Default-Set
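Added example, not part of the original post and not Cisco code: a small Python model of how an access-control rule shaped like the one above (source = a country plus one tester address, destination = a single host, destination port = TCP/21, action Block-with-reset) is matched against individual flows. The GeoIP prefix table, the tester's public IP and the test flows are all constructed for illustration. Running it shows which of the sample flows would count as rule hits, which makes it easy to see that a scan of any port other than 21, or of any host other than the rule's destination, produces no hit at all.

```python
"""Minimal model of access-control rule matching for a geo-based block rule.

Assumptions (constructed, not real data):
- GEO_TABLE maps a few documentation prefixes to country codes.
- RULE mirrors the fields of the posted rule; the tester IP 198.51.100.7
  stands in for the "one IP in another country" used for testing.
"""
import ipaddress
from dataclasses import dataclass


# Constructed GeoIP table: prefix -> ISO country code (not a real allocation).
GEO_TABLE = {
    ipaddress.ip_network("203.0.113.0/24"): "CN",
    ipaddress.ip_network("198.51.100.0/24"): "GB",
    ipaddress.ip_network("192.0.2.0/24"): "US",
}


def country_of(ip):
    """Return the country code for an address, or None when it is not in the
    table (e.g. RFC 1918 space, which has no geolocation)."""
    addr = ipaddress.ip_address(ip)
    for net, cc in GEO_TABLE.items():
        if addr in net:
            return cc
    return None


@dataclass
class Rule:
    name: str
    action: str
    src_countries: set        # country codes, e.g. {"CN"}
    src_networks: list        # explicit source prefixes
    dst_networks: list        # explicit destination prefixes
    dst_ports: set            # (protocol number, port) tuples
    hits: int = 0

    def matches(self, src_ip, dst_ip, proto, dport):
        """All three conditions must hold: source (by country OR by prefix),
        destination prefix, and destination protocol/port."""
        src = ipaddress.ip_address(src_ip)
        dst = ipaddress.ip_address(dst_ip)
        src_ok = (country_of(src_ip) in self.src_countries
                  or any(src in n for n in self.src_networks))
        dst_ok = any(dst in n for n in self.dst_networks)
        port_ok = (proto, dport) in self.dst_ports
        return src_ok and dst_ok and port_ok


def evaluate(rule, flows):
    """Return [(flow, action)] where action is the rule's action on a match
    and 'no-match' otherwise; rule.hits is incremented per match."""
    results = []
    for flow in flows:
        if rule.matches(*flow):
            rule.hits += 1
            results.append((flow, rule.action))
        else:
            results.append((flow, "no-match"))
    return results


RULE = Rule(
    name="Block China to DMZ FTP",
    action="Block-with-reset",
    src_countries={"CN"},
    src_networks=[ipaddress.ip_network("198.51.100.7/32")],   # tester IP (constructed)
    dst_networks=[ipaddress.ip_network("192.168.20.221/32")],
    dst_ports={(6, 21)},                                      # FTP, TCP/21
)

# Constructed test flows: (src_ip, dst_ip, protocol, dst_port)
FLOWS = [
    ("203.0.113.10", "192.168.20.221", 6, 21),   # CN source to FTP: hit
    ("198.51.100.7", "192.168.20.221", 6, 21),   # tester IP to FTP: hit
    ("198.51.100.7", "192.168.20.221", 6, 22),   # tester IP to SSH: port not in rule
    ("198.51.100.7", "192.168.20.222", 6, 21),   # different destination host
    ("192.0.2.5", "192.168.20.221", 6, 21),      # US source, not listed
]

if __name__ == "__main__":
    for flow, action in evaluate(RULE, FLOWS):
        print(flow, "->", action)
    print("rule hits:", RULE.hits)
```

The model deliberately evaluates the rule against the destination address it was written for; on a real deployment the address a rule sees also depends on where the rule is evaluated relative to any NAT, so a mismatch between the host being scanned and the destination in the rule is one of the first things to compare against the "Rule Hits" counter.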

