CINXE.COM

Site Localization - Cisco Meraki Documentation

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Site Localization - Cisco Meraki Documentation</title> <link media="screen" type="text/css" rel="stylesheet" href="https://a.mtstatic.com/@cache/layout/legacy.css?_=4697dd37726fed7979fe7b0f4ce2bd05_ZG9jdW1lbnRhdGlvbi5tZXJha2kuY29t:site_13505" id="mt-screen-css" /> <link media="print" type="text/css" rel="stylesheet" href="https://a.mtstatic.com/@cache/layout/print.css?_=c5d69afcac31700ff9758fde125e8285:site_13505" id="mt-print-css" /> <script type="text/javascript" nonce="5a9b146cc6f8d33a2d6f7b4c0bcfc178fc375d3a3b0d6a3c557f41103cce85e6" src="https://a.mtstatic.com/deki/javascript/out/grape.min.js?_=aae9f894b8b9c897d72439fee4980c96b51ba5ff:site_13505"></script><script type="application/json" id="mt-global-settings" nonce="5a9b146cc6f8d33a2d6f7b4c0bcfc178fc375d3a3b0d6a3c557f41103cce85e6">{"apiToken":"xhr_2_1732380748_9971f0c81b5f01e514a9f2cf0eb880bb8e107fb0d7a97157b234b5777c46fd1c","pageId":9747,"pageViewId":"c006c523-345c-4b7e-8799-81e8fd02531a"}</script> <script type="text/javascript" nonce="5a9b146cc6f8d33a2d6f7b4c0bcfc178fc375d3a3b0d6a3c557f41103cce85e6">(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)})(window,document,'script','//www.google-analytics.com/analytics.js','ga');ga('create','UA-51174192-2','documentation.meraki.com',{allowLinker:true});ga('send','pageview');ga('create','UA-65721316-2','documentation.meraki.com',{name:'mtTracker',allowLinker:true});ga('mtTracker.require','linker');ga('mtTracker.set', 'anonymizeIp', true);ga('mtTracker.send','pageview');document.addEventListener('mindtouch-web-widget:f1:loaded',function(e){var t=e.data||{},d=t.widget;d&&''!==t.embedId&&document.addEventListener('mindtouch-web-widget:f1:clicked',function(e){var t=(e.data||{}).href;if(t){var n=document.createElement('a');n.setAttribute('href',t),'expert-help.nice.com'===n.hostname&&(e.preventDefault(),ga('linker:decorate',n),d.open(n.href))}})});</script> </head> <body class="columbia-page-main columbia-article-howto columbia-breadcrumb-home-ciscoplussecureconnect-ciscosecureconnecttroubleshootingguides-sitelocalization columbia-live no-touch columbia-lang-en-us columbia-skin-grape"> <div class="grape-messaging"> </div> <div class="grape-header-custom"> <script async="async" src="https://www.googletagmanager.com/gtag/js?id=G-NHZZG7QL8R"></script><script>/*<![CDATA[*/ window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-NHZZG7QL8R'); /*]]>*/</script><script src="//use.typekit.net/hum1oye.js"></script><script>/*<![CDATA[*/try{Typekit.load();}catch(e){}/*]]>*/</script> <div class="mt-header-help"><div class="mt-header-help-container"><div class="mt-logo-container"><div class="mt-logo"><a class="internal" href="https://documentation.meraki.com/" rel="internal"><img class="mt-cdn" src="https://documentation.meraki.com/@api/deki/site/logo?default=https%3A%2F%2Fdocumentation.meraki.com%2F%40cdn%2F%40style%2Fcommon-legacy%2Fimages%2Flogo.png" alt="" /></a></div></div><div id="navcontainer"><ul id="navlist"><li><a href="https://account.meraki.com/secure/login/dashboard_login" target="_blank" rel="external noopener nofollow" class="link-https">Dashboard</a></li><li><a href="https://community.meraki.com/" target="_blank" rel="external noopener nofollow" class="link-https">Community</a></li><li><a href="https://meraki.cisco.com/support" target="_blank" rel="external noopener nofollow" class="link-https">Support</a></li><li><a id="current" href="https://meraki.cisco.com/form/contact" target="_blank" rel="external noopener nofollow" class="link-https">Contact Sales</a></li></ul></div></div><div class="mt-header-search"><div class="mt-help-search mt-lsf-search" id="mt-portfolio-search"><script type="application/json" id="mt-localizations-help-widget">/*<![CDATA[*/{"Help.Widget.button.text":"Search","Help.Widget.label.text":"Query","Help.Widget.placeholder.text":"Search Site Localization"}/*]]>*/</script><div class="mt-inputredirect" data-query-key="q" data-path="CiscoPlusSecureConnect/Cisco___Secure_Connect_Troubleshooting_Guides/Site_Localization"></div></div></div></div> </div> <div class="grape-header grape-wrapper"> <div class="grape-header-container grape-wrapper-container"> <div class="grape-site-logo"> <a class="logo-anonymous" href="/" title="Cisco Meraki Documentation"> <img class="mt-cdn" src="https://a.mtstatic.com/@public/production/site_13505/1603418436-logo.png" alt="Cisco Meraki Documentation" title="Cisco Meraki Documentation"> </a> </div> <div class="grape-site-navigation"> <ul class="mt-site-nav"> <li class="mt-login-sign-in"> <a class="mt-icon-quick-sign-in" href="https://documentation.meraki.com/@app/auth/4/login?returnto=https%3A%2F%2Fdocumentation.meraki.com%2FCiscoPlusSecureConnect%2FCisco___Secure_Connect_Troubleshooting_Guides%2FSite_Localization" title="Sign in"> Sign in </a> </li> <li class="mt-login-forgot-password"> <a class="mt-icon-login-forgot-password" href="https://documentation.meraki.com/Special:UserPassword" title="Retrieve lost password"> Forgot password </a> </li> </ul> </div> <div class="grape-site-search"> <div class="mt-quick-search-container"> <form action="/Special:Search"> <input name="path" id="mt-search-path" type="hidden" value="" /> <label class="mt-label" for="mt-site-search-input"> Search </label> <input class="mt-text mt-search search-field" name="q" id="mt-site-search-input" placeholder="How can we help you?" type="search" /> <button class="mt-button ui-button-icon mt-icon-site-search-button search-button" type="submit"> Search </button> </form> </div> </div> </div> <div class="grape-site-nav grape-wrapper-container"> <ul class="mt-breadcrumbs"> <li> <a href="https://documentation.meraki.com/"> <span class="mt-icon-article-category mt-icon-article-home"></span> Home </a> </li> <li> <a href="https://documentation.meraki.com/CiscoPlusSecureConnect"> <span class="mt-icon-article-category"></span> Cisco Secure Connect </a> </li> <li> <a href="https://documentation.meraki.com/CiscoPlusSecureConnect/Cisco___Secure_Connect_Troubleshooting_Guides"> <span class="mt-icon-article-guide"></span> Cisco Secure Connect Troubleshooting Guides </a> </li> </ul> </div> </div> <div class="grape-content grape-wrapper"> <div class="grape-content-container grape-wrapper-container"> <div id="flash-messages"><div class="dekiFlash"></div></div> <h1 id="title" class="no-edit" style="visibility: visible;"> Site Localization </h1> <div class="mt-last-updated"> <strong>Last updated:</strong> <span class="modified mt-last-updated-timestamp" data-timestamp="2024-09-25T12:52:19Z"></span> </div> <div class="mt-content-header"></div> <div class="mt-content-side"></div> <div id="mt-toc-container" data-title="Table of contents" data-collapsed="true"> <button class="mt-toggle mt-summary-toggle ui-button-icon mt-toggle-expand">Table of contents</button> <div class="mt-toc-content mt-collapsible-section mt-toc-hide"> <ol><li><a href="#Geolocation" rel="internal">Geolocation</a></li><li><a href="#Requirements" rel="internal">Requirements</a></li><li><a href="#How_to_Disable_QUIC" rel="internal">How to Disable QUIC</a></li><li><a href="#Verification" rel="internal">Verification</a></li><li><a href="#Limitations" rel="internal">Limitations</a></li></ol> </div> </div> <div id="page-top"> <div id="topic"> <div id="pageText"> <div class="mt-page-summary"><div class="mt-page-overview"></div></div> <div mt-section-origin="CiscoPlusSecureConnect/Cisco___Secure_Connect_Troubleshooting_Guides/Site_Localization" class="mt-section" id="section_1"><span id="Geolocation"></span><h3 class="editable">Geolocation</h3> <p>Geolocation refers to the identification of the geographic location of a user's device, usually via an IP address. When traffic goes through a proxy server, the source IP address is replaced with that of the proxy's IP address. To address this problem for HTTPS (web) requests, the X-Forwarded-For (XFF) request header field was created. When HTTPS traffic goes through a web proxy server like the Secure Connect Secure Web Gateway (SWG), the proxy server will add the originating IP address of a client to the XFF header field. This allows websites that support XFF to identify the proper geolocation of the client.</p> <p>Secure Connect has data centers across the globe, and there are instances where users from one country may be accessing cloud using data centers in another country. In these instances, it is critical to maintain the original client IP inside XFF header.&nbsp; If the original XFF header is replaced the user's browser may show undesired search and language results. This document will cover&nbsp;requirements required to maintain originating client IP address in XFF header when connecting to Secure Connect fabric, as well as list of any caveats related to geolocation identification.&nbsp;</p> </div><div mt-section-origin="CiscoPlusSecureConnect/Cisco___Secure_Connect_Troubleshooting_Guides/Site_Localization" class="mt-section" id="section_2"><span id="Requirements"></span><h3 class="editable">Requirements</h3> <p>Secure Connect requires following to be configured for maintaining originating client IP address:</p> <ol> <li> <p><a target="_blank" title="Site Localization" class="mt-self-link" href="https://documentation.meraki.com/CiscoPlusSecureConnect/Cisco___Secure_Connect_Troubleshooting_Guides/Site_Localization" rel="internal"><strong>Meraki Auto-VPN</strong></a> or manual <strong>Secure Internet</strong> IPSec tunnel (<a title="Cisco Secure Connect - Meraki MX IPSec Tunnel" href="https://documentation.meraki.com/CiscoPlusSecureConnect/Cisco__Secure_Connect_Now-_Sites/Cisco__Secure_Connect_-_Meraki_IPSec_Tunnel" rel="internal">Meraki</a> or <a title="Cisco Secure Connect - Non-Meraki IPSec Tunnel" href="https://documentation.meraki.com/CiscoPlusSecureConnect/Cisco__Secure_Connect_Now-_Sites/Cisco__Secure_Connect_Setting_Up_Secure_Access_Tunnels" rel="internal">Non-Meraki</a>)</p> </li> <li> <p>Web policy with <a title="https://docs.umbrella.com/umbrella-user-guide/docs/add-a-rules-based-policy#httpsInspection" href="https://docs.umbrella.com/umbrella-user-guide/docs/add-a-rules-based-policy#httpsInspection" target="_blank" rel="external noopener nofollow" class="link-https">HTTPS inspection</a>&nbsp;and&nbsp;TLS decryption enabled</p> </li> <li> <p>QUIC disabled in web browser&nbsp;</p> </li> </ol> </div><div mt-section-origin="CiscoPlusSecureConnect/Cisco___Secure_Connect_Troubleshooting_Guides/Site_Localization" class="mt-section" id="section_3"><span id="How_to_Disable_QUIC"></span><h3 class="editable">How to Disable QUIC</h3> <p>QUIC is a general-purpose transport layer protocol. Unlike TCP and UDP, QUIC is secure by default. One of QUIC&rsquo;s main goals is to speed up HTTP traffic. It achieves this by multiplexing connections between two endpoints into a single flow and reducing the connection overhead associated with TCP. To enable QUIC to work with existing network equipment and systems, it utilizes UDP as its underlying layer.</p> <p>In Secure Connect, the XFF header is added or edited by the Secure Web Gateway (SWG). Like most web proxies, the SWG is built around HTTP over TCP. Because of this, QUIC traffic bypasses the SWG, and therefore the XFF header is not added or updated.</p> <p>Most browsers support QUIC. Google Chrome, Chromium-based browsers such as Edge, Opera, and Brave, as well as Mozilla Firefox, have QUIC enabled by default. It is recommended that you disable QUIC in the browser if you are experiencing problems with geolocation.</p> <p>To disable QUIC&nbsp;in Chrome browser type &quot;<strong><b><a title="chrome://flags" href="chrome://flags" target="_blank" rel="external noopener nofollow" class="external">chrome://flags</a>&quot; </b></strong>and search for <strong>QUIC. </strong>Manually disable QUIC protocol.&nbsp;</p> <p><img alt="Screenshot 2024-03-08 at 3.40.32&#8239;PM.png" style="width: 647px; height: 253px;" class="internal default" width="647px" height="253px" loading="lazy" src="https://documentation.meraki.com/@api/deki/files/25140/Screenshot_2024-03-08_at_3.40.32%25E2%2580%25AFPM.png?revision=1&amp;size=bestfit&amp;width=647&amp;height=253" /></p> <p>Similar steps can be done for other browsers that support QUIC.</p> <p>&nbsp;</p> </div><div mt-section-origin="CiscoPlusSecureConnect/Cisco___Secure_Connect_Troubleshooting_Guides/Site_Localization" class="mt-section" id="section_4"><span id="Verification"></span><h3 class="editable">Verification</h3> <p>There are&nbsp; few web sites that can help&nbsp;identify if originating client IP address is maintained inside XFF header.&nbsp; We can see in the below example that origin XFF field is combined of public IP address 134.19.189.156 where client connects and Secure Connect proxy IP 155.190.118.67 of one of the data centers. The curl command was executed on&nbsp; the client machine. Note that&nbsp;X-Forwarded-For extended HTTP header should be formatted as {client1, proxy1, proxy2, ...}, where the first IP is client originating IP followed by list of all proxy&nbsp; services on the path.</p> <blockquote> <p>client@ip-10-10-20-3:~$ curl -k -X GET &quot;<a title="http://httpbin.org/ip" href="http://httpbin.org/ip" target="_blank" rel="external noopener nofollow" class="external">http://httpbin.org/ip</a>&quot; -H &quot;accept: application/json&quot;</p> <p>&nbsp; &nbsp;{</p> <p>&nbsp; &nbsp; &nbsp; &quot;origin&quot;: &quot;<strong><span class="mt-bgcolor-f1c40f">134.19.189.156</span></strong>, 155.190.118.67&quot;</p> <p>&nbsp; &nbsp;}</p> </blockquote> </div><div mt-section-origin="CiscoPlusSecureConnect/Cisco___Secure_Connect_Troubleshooting_Guides/Site_Localization" class="mt-section" id="section_5"><span id="Limitations"></span><h3 class="editable">Limitations</h3> <ol> <li>Each browser may work differently when identifying the location and language of the client. HTTP&nbsp;header have field called &quot;Accept-Language&quot;. Generally this field would be a&nbsp;language set on the client end point. Firefox will read this field and use it as client language when listing pages and web sites. Chrome doesn't have language field and would use different ways to identify language of the client machine.</li> <li>Server must support extended XFF header and must honor the first IP address as originating client IP address.&nbsp;X-Forwarded-For extended HTTP header should be formatted as {client1, proxy1, proxy2, ...}.</li> <li>Server must have up to date IP location database to correctly identify location of client IP address. Some ISPs &quot;recycle&quot; IPs across&nbsp;single country and customers, which can&nbsp;cause the identification of the location to be incorrect. Example, IP assigned by ISP may point inside &nbsp;database to location that is in different city.</li> <li>Some servers may use IPv6 for communication which doesn't use XFF.</li> </ol> </div></div> </div> </div> <div class="mt-content-footer"></div> <ol class="grape-meta-data grape-meta-article-navigation"> <li class="grape-back-to-top"><a class="mt-icon-back-to-top" href="#title" id="mt-back-to-top" title="Jump back to top of this article">Back to top</a></li> <li class="grape-article-pagination"><ul class="mt-article-pagination"> <li class="mt-pagination-previous"> <a class="mt-icon-previous-article" href="https://documentation.meraki.com/CiscoPlusSecureConnect/Cisco___Secure_Connect_Troubleshooting_Guides/How_to_Contact_Cisco___Secure_Connect_Support" title="How to Contact Cisco Secure Connect Support"><span>How to Contact Cisco Secure Connect Support</span></a> </li> <li class="mt-pagination-next"> <a class="mt-icon-next-article" href="https://documentation.meraki.com/CiscoPlusSecureConnect/Cisco___Secure_Connect_Troubleshooting_Guides/Thousand_Eyes_Integration_with_Secure_Connect" title="Thousand Eyes Integration with Secure Connect"><span>Thousand Eyes Integration with Secure Connect</span></a> </li> </ul> </li> </ol> </div> </div> <div class="grape-footer grape-wrapper"> <div class="grape-wrapper-container"> <ol> <li class="grape-footer-copyright">&copy; Copyright 2024 Cisco Meraki Documentation</li> <li class="grape-footer-powered-by"><a href="https://mindtouch.com/demo" class="mt-poweredby product " title="MindTouch" target="_blank"> Powered by CXone Expert <span class="mt-registered">&reg;</span> </a></li> </ol> </div> </div> <div class="grape-footer-custom"> <div class="mt-custom-footer-container"><div class="mt-top-footer"><div class="mt-top-logo"><a href="http://meraki.cisco.com/" target="_blank" rel="external noopener nofollow" class="external"><img class="mt-cdn" src="https://documentation.meraki.com/@api/deki/site/logo?default=https%3A%2F%2Fdocumentation.meraki.com%2F%40cdn%2F%40style%2Fcommon-legacy%2Fimages%2Flogo.png" alt="Cisco-Meraki" /></a></div><div class="mt-top-external-links"><div class="mt-top-ul-container" id="top-Company"><h6 class="mt-top-ul-title">Company</h6><ul class="mt-top-ul"><li class="mt-top-li"><a href="https://meraki.cisco.com/about/" target="_blank" rel="external noopener nofollow" class="mt-top-a link-https">About Meraki</a></li><li class="mt-top-li"><a href="https://meraki.cisco.com/jobs" target="_blank" rel="external noopener nofollow" class="mt-top-a link-https">Careers</a></li><li class="mt-top-li"><a href="https://meraki.cisco.com/support/#policies:privacy" target="_blank" rel="external noopener nofollow" class="mt-top-a link-https">Privacy</a></li><li class="mt-top-li"><a href="https://meraki.cisco.com/trust" target="_blank" rel="external noopener nofollow" class="mt-top-a link-https">Trust</a></li><li class="mt-top-li"><a href="https://meraki.cisco.com/gdpr" target="_blank" rel="external noopener nofollow" class="mt-top-a link-https">GDPR</a></li><li class="mt-top-li"><a href="https://meraki.cisco.com/support/#policies:tou" target="_blank" rel="external noopener nofollow" class="mt-top-a link-https">Terms of Use</a></li></ul></div><div class="mt-top-ul-container" id="top-Partners"><h6 class="mt-top-ul-title">Partners</h6><ul class="mt-top-ul"><li class="mt-top-li"><a href="https://www.merakipartners.com/" target="_blank" rel="external noopener nofollow" class="mt-top-a link-https">Partner Portal Login</a></li><li class="mt-top-li"><a href="https://meraki.cisco.com/partner/" target="_blank" rel="external noopener nofollow" class="mt-top-a link-https">Become a Partner</a></li><li class="mt-top-li"><a href="https://meraki.cisco.com/managedserviceproviders" target="_blank" rel="external noopener nofollow" class="mt-top-a link-https">Manage Service Providers</a></li><li class="mt-top-li"><a href="https://meraki.cisco.com/solutions/serviceprovider" target="_blank" rel="external noopener nofollow" class="mt-top-a link-https">Service Providers</a></li></ul></div><div class="mt-top-ul-container" id="top-getStarted"><h6 class="mt-top-ul-title">Get Started</h6><ul class="mt-top-ul"><li class="mt-top-li"><a href="https://meraki.cisco.com/form/contact/" target="_blank" rel="external noopener nofollow" class="mt-top-a link-https">Contact Us</a></li><li class="mt-top-li"><a href="https://meraki.cisco.com/form/demo/" target="_blank" rel="external noopener nofollow" class="mt-top-a link-https">Get a Demo</a></li><li class="mt-top-li"><a href="https://meraki.cisco.com/form/trial/" target="_blank" rel="external noopener nofollow" class="mt-top-a link-https">Start Your Trial</a></li></ul></div><div class="mt-top-ul-container" id="top-Resources"><h6 class="mt-top-ul-title">Resources</h6><ul class="mt-top-ul"><li class="mt-top-li"><a href="https://meraki.cisco.com/webinars/" target="_blank" rel="external noopener nofollow" class="mt-top-a link-https">Webinars</a></li><li class="mt-top-li"><a class="mt-top-a internal" href="https://documentation.meraki.com/" rel="internal">Documentation</a></li><li class="mt-top-li"><a href="https://community.meraki.com/t5/Meraki-Community/ct-p/meraki" target="_blank" rel="external noopener nofollow" class="mt-top-a link-https">Community</a></li><li class="mt-top-li"><a href="https://community.meraki.com/learninghub?utm_source=documentation&amp;utm_medium=footer-learninghub" target="_blank" rel="external noopener nofollow" class="mt-top-a link-https">Learning Hub</a></li></ul></div></div></div><div class="mt-bottom-footer"><div class="mt-social-container"><ul class="mt-social-ul"><li class="mt-social-li"><a href="https://twitter.com/meraki" target="_blank" rel="external noopener nofollow" class="mt-social-a mt-icon-twitter link-https"></a></li><li class="mt-social-li"><a href="https://www.instagram.com/ciscomeraki/?hl=en" target="_blank" rel="external noopener nofollow" class="mt-social-a mt-icon-instagram link-https"></a></li><li class="mt-social-li"><a href="https://www.facebook.com/CiscoMeraki/" target="_blank" rel="external noopener nofollow" class="mt-social-a mt-icon-facebook link-https"></a></li><li class="mt-social-li"><a href="https://www.youtube.com/channel/UCimwNLMzVRMp7SUPVRNaqew" target="_blank" rel="external noopener nofollow" class="mt-social-a mt-icon-youtube link-https"></a></li></ul></div><div class="mt-copyright-container"><p>&copy; 2024 Cisco Systems, Inc.</p></div></div></div> <script type="text/javascript">/*<![CDATA[*/ var feedback_btn = document.querySelector(".mt-feedback-button"); feedback_btn.innerText = "Request Update"/*]]>*/</script> </div> <script type="text/javascript" data-mindtouch-module="true" src="https://a.mtstatic.com/deki/javascript/out/standalone/ui.widget.helpWidget.js?_=aae9f894b8b9c897d72439fee4980c96b51ba5ff:site_13505"></script> </body> </html>

Pages: 1 2 3 4 5 6 7 8 9 10