Skip to main content

 

 

Cisco Defense Orchestrator

Create and Edit a Firepower Geolocation Filter Object

About Geolocation Objects

A geolocation object defines countries and continents that host the device that is the source or destination of traffic. You can use these objects in policies to control traffic instead of using IP addresses. For example, using geographical location, you could easily restrict access to a particular country without needing to know all of the potential IP addresses used there.

You can typically select geographical locations directly in a policy without using geolocation objects. However, an object is convenient if you want to create several policies for the same group of countries and continents.

Update Geolocoation Database

To ensure that you are using up-to-date geographical location data to filter your traffic, Cisco strongly recommends that you regularly update the geolocation database (GeoDB). At this time, this is not a task that you can perform using Cisco Defense Orchestrator. See these two articles in the Firepower Device Manager documentation to learn more about the GeoDB and how to update it.

Create a Geolocation Object

You can create a geolocation object by itself on the object page or when creating a security policy. This procedure creates a geolocation object from the object page. 

  1. Click Objects to view the Objects page. 
  2. Click Create Object > FTD > Geolocation.
  3. Enter an object name for the object and optionally, a description.
  4. In the filter bar, start typing the name of a country or a region and you are presented with a list of possible matches.
  5. Check the country, countries, or regions that you want to add to the object.
  6. Click Add.

Edit a Geolocation Object

  1. Click Objects to view the Objects page. 
  2. Use the filter panes and search field to locate your object. 
  3. In the Actions pane, click Edit.
  4. You can change the name of the object and add or remove countries and regions to your object.
  5. Click Save.
  6. You will be notified if any devices are impacted. Click Confirm.
  7. If a device or policy was impacted, open the Devices & Services page and Preview and Deploy the changes to the device. 

 

Related Topics