Cisco Cisco FirePOWER Appliance 7115
Version 5.3
Sourcefire 3D System User Guide
230
Using Objects and Security Zones
Working with Geolocation Objects
Chapter 4
Working with Geolocation Objects
L
ICENSE
: FireSIGHT
S
UPPORTED
D
EVICES
: Series 3, virtual, X-Series
S
UPPORTED
D
EFENSE
C
ENTERS
: All except DC500
Each geolocation object you configure represents one or more countries or
continents that the system has identified as the source or destination of traffic on
your monitored network. You can use geolocation objects in various places in the
system’s web interface, including access control policies and event searches. For
example, you could write an access control rule that blocks traffic to or from
certain countries. For information on filtering traffic by geographical location, see
To ensure that you are using up-to-date information to filter your network traffic,
Sourcefire strongly recommends that you regularly update your Geolocation
Database (GeoDB). For information on downloading and installing GeoDB
updates, see
You cannot delete a geolocation object that is in use. Additionally, after you edit a
geolocation object used in an access control policy, you must reapply the policy
for your changes to take effect.
To add a geolocation object:
A
CCESS
: Admin/Access Admin/Network Admin
1. Select Objects > Object Management.
The Object Management page appears.
2. Select Geolocation.
The Geolocation Objects page appears.
3. Click Add Geolocation.
The Geolocation Object pop-up window appears.
4. Type a Name for the geolocation object. You can use any printable standard
ASCII characters except curly braces (
{}
).