
Network Feed in an ACL on Firepower

sasha
Level 1

Hello. Is it possible to create an ACL on Firepower which gets IP addresses to block from a network feed?

We have a custom network feed, auto-populated on a given number of failed RA VPN login attempts in a time interval. The feed is on a RADIUS server which authenticates RA VPN users.

So, we want to block IP addresses in the feed from connecting to the RA VPN. But as far as I see, the only way to block RA VPN by IP is a control plane ACL via FlexConfig.

Any ideas? Thanks.

1 Reply

@sasha yes, you can create feeds to block IP addresses, but that is for traffic "through" the firewall and will not help you block traffic "to" the firewall for RAVPN connections.

Your options are (currently) block using control-plane ACL via FlexConfig, ACL on upstream switch or use an MFA solution with Geolocation.
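As an added example (not part of the original thread and not Cisco code), here is one way to turn a feed like the one described in the question into control-plane ACL text for a FlexConfig object. The ACL name, the interface name `outside`, the one-entry-per-line feed format and the prefix-length guard are all assumptions; the sample feed is constructed.

```python
import ipaddress

ACL_NAME = "CP-RAVPN-BLOCK"   # assumed ACL name, not from the thread
INTERFACE = "outside"         # assumed name of the RA VPN-facing interface
MIN_PREFIX = 16               # assumed guard: refuse feed entries broader than a /16

# Constructed sample feed: one IPv4 address or CIDR per line, '#' starts a comment.
SAMPLE_FEED = """\
# failed RA VPN logins
203.0.113.10
203.0.113.11
198.51.100.0/25
198.51.100.128/25
203.0.113.10
0.0.0.0/0
not-an-ip
"""

def parse_feed(text):
    """Return (networks, rejected); networks are de-duplicated, collapsed and sorted."""
    nets, rejected = set(), []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            net = None
        # Reject garbage, IPv6, and entries broad enough to lock out legitimate users.
        if net is None or net.version != 4 or net.prefixlen < MIN_PREFIX:
            rejected.append(entry)
            continue
        nets.add(net)
    return list(ipaddress.collapse_addresses(nets)), rejected

def render_acl(networks):
    """Render ASA-style control-plane ACL lines from the parsed networks."""
    lines = []
    for net in networks:
        host = f"host {net.network_address}"
        src = host if net.prefixlen == 32 else f"{net.network_address} {net.netmask}"
        lines.append(f"access-list {ACL_NAME} extended deny ip {src} any")
    # The ACL ends in an implicit deny, so other to-the-box traffic must be permitted.
    lines.append(f"access-list {ACL_NAME} extended permit ip any any")
    lines.append(f"access-group {ACL_NAME} in interface {INTERFACE} control-plane")
    return lines

if __name__ == "__main__":
    nets, bad = parse_feed(SAMPLE_FEED)
    print("\n".join(render_acl(nets)))
    print("rejected:", bad)
```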
