Cisco Cisco FirePOWER Appliance 7115

Version 5.3

Sourcefire 3D System User Guide

230

Using Objects and Security Zones

Working with Geolocation Objects

Chapter 4

Working with Geolocation Objects

: FireSIGHT

: Series 3, virtual, X-Series

: All except DC500

Each geolocation object you configure represents one or more countries or 

continents that the system has identified as the source or destination of traffic on 

your monitored network. You can use geolocation objects in various places in the 

system’s web interface, including access control policies and event searches. For 

example, you could write an access control rule that blocks traffic to or from 

certain countries. For information on filtering traffic by geographical location, see 

 on page 537.

To ensure that you are using up-to-date information to filter your network traffic, 

Sourcefire strongly recommends that you regularly update your Geolocation 

Database (GeoDB). For information on downloading and installing GeoDB 

updates, see 

 on page 2174.

You cannot delete a geolocation object that is in use. Additionally, after you edit a 

geolocation object used in an access control policy, you must reapply the policy 

for your changes to take effect.

To add a geolocation object:

: Admin/Access Admin/Network Admin

1. Select Objects > Object Management.

The Object Management page appears.

2. Select Geolocation.

The Geolocation Objects page appears.

3. Click Add Geolocation.

The Geolocation Object pop-up window appears.

4. Type a Name for the geolocation object. You can use any printable standard 

ASCII characters except curly braces (

{}

).