Cisco Blogs
Share
tweet

Block a Country with my Cisco Router or Firewall

- February 15, 2012 - 2 Comments

Hi everyone. Starting this week, every Wednesday we are going to highlight a special security or wireless blog to round out our Borderless Networks theme. Today, we have a real treat for you with this security blog by Panos Kapanakis.  Here’s a nugget to pique your interest. Use the link to click through for more.

Problem:

We are often asked by customers about how they can prevent traffic from a certain country (let’s say country X) from entering their network. The motivations for doing this could vary. Sometimes a company does not do business with all countries in the world; therefore, the company doesn’t need to be accessible from all countries. Other times it is an issue of trust and security, where an administrator may not want to allow country X to enter their infrastructure. Finally, there are cases where country X has often been incriminated with malicious activity, so an administrator may want to block country X when there is no need for the organization to interact with this country. In this document I present a methodology on how to write a tool that provides the configuration lines to block country X, using your IOS router or ASA/ASASM firewall.

Read complete blog.

Leave a comment

We'd love to hear from you! To earn points and badges for participating in the conversation, join Cisco Social Rewards. Your comment(s) will appear instantly on the live site. Spam, promotional and derogatory comments will be removed.

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.

2 Comments

  1. Well, I agree with the point and in my opinion there are a few countries where lucrative markets exist so blocking the communication with other countries of little business value may not only improve security of network systems while indirectly will enhance the productivity through improvement in work flow.

    • That is a good point Usman. One more reason network admins might want to block a country.

Share
tweet