
GEO Location service for ASA
“Next Generation cybersecurity on existing infrastructure!
Geolocation-based blocking and advanced malware defenses. Designed for effortless setup, it integrates seamlessly, requiring minimal changes to your existing configuration.
Strengthen your network’s security today with a simple add-on.”
Key Features
Background
Geolocation blocking is essential for enhancing cybersecurity by restricting access from high-risk regions, ensuring compliance with legal regulations, and tailoring content distribution based on geographic rights, thereby safeguarding sensitive data and networks from potential cyber threats.
However, the core Cisco ASA platform, still used in many solutions, does not include a geo-blocking feature, and implementing it using a dynamically built access list does not scale due to the size of the required access lists.
Solution
GSA blocks unwanted sessions by processing the syslog messages from the firewall and issuing a ‘shun’ command on the firewall. The advantage of the shun command is that it scales far beyond the maximum lines in access lists that the firewall can manage. In most practical setups, it scales beyond the normal traffic performance of the firewall.
CGSA maintains a rolling update of its cached geolocation database from ipinfo.io, ensuring that the database is refreshed while still using limited sessions with the service.
To further enhance protection, CGSA has an additional feature to block known malware and botnet sites.
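The syslog-to-shun flow described above, as an added example (not Conscia's code; the page does not show GSA's internals). The geolocation cache, country codes, never-shun range and log lines are constructed, and treating a cache miss as "do not shun" is an assumption.

```python
import ipaddress
import re

# Source address of an ASA "Built inbound TCP/UDP connection" message (302013/302015).
BUILT_RE = re.compile(
    r"%ASA-\d-30201[35]: Built inbound (?:TCP|UDP) connection \d+ "
    r"for [^:\s]+:(?P<src>\d{1,3}(?:\.\d{1,3}){3})/\d+")

# Constructed stand-in for the cached IP-to-country database (documentation ranges).
GEO_CACHE = [(ipaddress.ip_network("203.0.113.0/24"), "XA"),
             (ipaddress.ip_network("198.51.100.0/24"), "XB")]
BLOCKED_COUNTRIES = {"XA"}   # constructed policy; XA/XB are user-assigned ISO codes
NEVER_SHUN = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal/management range

def country_of(ip):
    """Return the cached country code for ip, or None on a cache miss."""
    return next((cc for net, cc in GEO_CACHE if ip in net), None)

def shun_commands(lines, active=None):
    """Return the new 'shun <ip>' commands for the given syslog lines."""
    active = set() if active is None else active   # sources already shunned
    commands = []
    for line in lines:
        m = BUILT_RE.search(line)
        if not m:
            continue                      # not a connection-built message
        try:
            ip = ipaddress.ip_address(m.group("src"))
        except ValueError:
            continue                      # e.g. 999.1.1.1 in a damaged line
        if ip in active or any(ip in net for net in NEVER_SHUN):
            continue                      # one shun per source; never shun own hosts
        if country_of(ip) in BLOCKED_COUNTRIES:   # a cache miss (None) is not shunned
            active.add(ip)
            commands.append(f"shun {ip}")
    return commands

# Constructed sample syslog lines.
SAMPLE = [
    "%ASA-6-302013: Built inbound TCP connection 1001 for outside:203.0.113.7/51515 (203.0.113.7/51515) to inside:10.0.0.5/443 (192.0.2.10/443)",
    "%ASA-6-302013: Built inbound TCP connection 1002 for outside:203.0.113.7/51516 (203.0.113.7/51516) to inside:10.0.0.5/443 (192.0.2.10/443)",
    "%ASA-6-302015: Built inbound UDP connection 1003 for outside:198.51.100.9/5353 (198.51.100.9/5353) to inside:10.0.0.6/53 (192.0.2.11/53)",
    "%ASA-6-302013: Built inbound TCP connection 1004 for dmz:10.1.2.3/40000 (10.1.2.3/40000) to inside:10.0.0.5/22 (10.0.0.5/22)",
    "%ASA-6-302014: Teardown TCP connection 1001 for outside:203.0.113.7/51515 to inside:10.0.0.5/443 duration 0:00:01 bytes 0 TCP Reset-O",
]

if __name__ == "__main__":
    print("\n".join(shun_commands(SAMPLE)))
```

The explicit never-shun list matters because a shun drops all traffic from the source, so a spoofed or misattributed internal address must not end up in it.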
Supported Platform
All Cisco ASA-based firewalls, both physical and virtual.
Requirements
Geolocation Service subscription
GSA uses a cloud service to update its IP-to-country database.
The customer needs an “API access/Basic” subscription from ipinfo.io.
Server
GSA is installed as a service on a Windows Server. The server must be provided and maintained by the customer.
The Windows version must support .NET 4.x (i.e., Server 2008 and upwards).
Network access
- HTTPS access from CGSA to Geolocation Service
- Syslog access from ASA Firewall(s) to CGSA
- SSH access from CGSA to ASA Firewall(s) for initial setup only
Installation
GSA is delivered as a regular Windows installer and is installed by the customer.
Monitoring
Monitor the GSA Windows service using any standard Windows monitoring tool to ensure that the service is running. Blocked IP addresses and statistics for blocked/non-blocked countries are available in the Windows registry database and in the GSA management GUI.
License
GSA is sold with a perpetual license for the delivered version. The customer is free to use GSA in the delivered version indefinitely. Upgrades to a new version will be subject to an upgrade fee.
Service Level
GSA is a Conscia Snowflake. It is sold ‘as-is’ without warranties or guarantees. Support is limited and provided on a best-effort basis only, without any guaranteed service level for bug fixes, troubleshooting, or compatibility issues. Customers should be prepared to independently manage and resolve operational challenges, including potential uninstallation of GSA.
Any required assistance, if provided, from Conscia will be subject to a fee.
Feature Request and Roadmap
The GSA platform does not have a committed roadmap. Anticipate no or limited incremental enhancements and adjustments to accommodate potential changes in connected services (e.g., Windows, ASA, and Geolocation service).
Feature requests are addressed on a best-effort basis, and any work provided is subject to a fee.
Getting started
Ready to start implementing GEO location blocking on your Cisco ASA? Use the Request Quote form to get a quote and book a short, obligation-free online meeting.