Cisco Meraki Documentation

Site Localization

Geolocation

Geolocation refers to the identification of the geographic location of a user device via a variety of data collection mechanisms. HTTPS traffic uses the X-Forwarded-For field in its header to identify user location. The X-Forwarded-For (XFF) request header is a standard header for identifying the originating IP address of a client connecting to a web server through a proxy server. It is up to the web browser to process the XFF header to create localized content.

Secure Connect has data centers across the globe, and there are instances where users from one country may be accessing the cloud using data centers in another country. In these instances, it is critical to maintain the original XFF header. If the original XFF header is replaced, the user's browser may show undesired search and language results. For example, a user in the Netherlands opens a Netherlands-owned web page and it opens in German.

Requirements

Secure Connect requires the following to be configured for correct geolocation identification to work:

  1. Manual Secure Internet IPSec tunnel (Meraki or Non-Meraki)

  2. Web policy with HTTPS inspection 

  3. QUIC disabled in web browser 

The Private Secure Access tunnel is not supported for geolocation at this time.

How to Disable QUIC

QUIC is a general-purpose transport layer protocol. Unlike TCP and UDP, QUIC is secure by default. One of QUIC’s main goals is to speed up HTTP traffic. It achieves this by multiplexing connections between two endpoints into a single flow and reducing the connection overhead associated with TCP. To enable QUIC to work with existing network equipment and systems, it utilizes UDP as its underlying layer.

In Secure Connect, the XFF header is added or edited by the Secure Web Gateway (SWG). Like most web proxies, the SWG is built around HTTP over TCP. Because of this, QUIC traffic bypasses the SWG, and therefore the XFF header is not added or updated.
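The effect of a preserved, missing, or replaced XFF header on the receiving side, as an added example (not Cisco code). It assumes a web server that trusts the proxy's egress range; all addresses, the `GEO` table, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not real Secure Connect IPs).
USER_IP = "203.0.113.10"       # user in the Netherlands
SWG_EGRESS = "198.51.100.7"    # proxy egress in a German data center
TRUSTED_PROXIES = ["198.51.100.0/24"]
GEO = {"203.0.113.0/24": "NL", "198.51.100.0/24": "DE", "192.0.2.0/24": "US"}


def forward_xff(existing, peer_ip, preserve=True):
    """XFF value a proxy sends upstream: append the peer to the chain, or replace it."""
    if preserve and existing and existing.strip():
        return f"{existing.strip()}, {peer_ip}"
    return peer_ip


def client_ip(xff, peer_ip, trusted=TRUSTED_PROXIES):
    """Walk the chain right to left; return the first hop that is not a trusted proxy."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    chain = [h.strip() for h in (xff or "").split(",") if h.strip()] + [peer_ip]
    for hop in reversed(chain):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: trust nothing to its left
        if not any(addr in n for n in nets):
            return str(addr)
    return peer_ip  # no usable client entry: only the proxy address is known


def country(ip):
    """Look up an address in the constructed GEO table."""
    addr = ipaddress.ip_address(ip)
    return next((c for n, c in GEO.items() if addr in ipaddress.ip_network(n)), None)


def served_country(xff, peer_ip):
    """Country the server would localize for, given the header and the TCP peer."""
    return country(client_ip(xff, peer_ip))


if __name__ == "__main__":
    print(served_country(forward_xff(None, USER_IP), SWG_EGRESS))  # proxy recorded the user
    print(served_country(None, SWG_EGRESS))  # no XFF, e.g. traffic that skipped the proxy
    print(served_country(forward_xff(USER_IP, SWG_EGRESS, preserve=False), SWG_EGRESS))  # replaced
    print(client_ip(forward_xff("192.0.2.99", USER_IP), SWG_EGRESS))  # client-supplied entry first
```

Entries to the left of the first untrusted hop are client-supplied and are never used, and a header arriving from an untrusted peer is ignored entirely.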

Most browsers support QUIC. Google Chrome, Chromium-based browsers such as Edge, Opera, and Brave, as well as Mozilla Firefox, have QUIC enabled by default. It is recommended that you disable QUIC in the browser if you are experiencing problems with geolocation.

To disable QUIC in the Chrome browser, type "chrome://flags" and search for QUIC. Manually disable the QUIC protocol.


Similar steps can be followed in other browsers that support QUIC.
