How to configure geo-based firewall rules
To enable filtering based on geographic locale, simply navigate to Configure > Firewall in the Meraki dashboard. We’ve updated our familiar Layer 7 firewall rule definition tool to include a country drop-down menu. You have two options when creating a geo-based IP rule: either define the countries you wish to block access to (selectively block), or define the countries you wish to permit access to (selectively allow). For example, you could selectively allow Germany—and only Germany—if you wish to ensure no packets leave German borders. Or, in keeping with our earlier example, you may wish to create a rule to selectively allow both Indian and US traffic—and nothing else.
You can now selectively block or permit traffic between your network and various countries using the MX’s Geo-based IP firewall rules.
Behind the scenes, the MX filters by public IP address blocks assigned to each country, making it easy to enforce geo-based security. These IP ranges are updated monthly, ensuring efficacy.
In addition to being able to restrict or allow traffic based on geography, the MX now provides geographic visibility into traffic flows. Simply navigate to Monitor > Traffic analysis to view where in the world traffic to (or from) your network is arriving from (or destined).
Viewing MX traffic analysis will now show the geography of traffic flow destination.
Geo-based IP firewall rules are included in our upcoming MX summer update, and will be automatically rolled out to existing Advanced Security customers. For more information about our MX security appliances, check out the Meraki website