Country blocking exception not working

I'm running Firmware version: 9.303-2. I have Country Blocking turned on for some countries, one of which is Netherlands.

When I try to go to: Yellow Bricks

I get this error:
Content blocked
While trying to retrieve the URL: Yellow Bricks
The content is blocked due to the following condition:
The URL you have requested matches a forbidden Country. If you think this is wrong, please contact your administrator.
Country: Netherlands

I went to "Country Blocking Exceptions" and created an exception called "Whitelist".

It says it's set to:

skip blocking of these countries:
    [Netherlands] Netherlands
for traffic going to these destination networks:
    Whitelist 1
    Whitelist 2
    Whitelist 3
Using these services:
    Any

For the three networks, I've tried three things:

Name: Whitelist 1
Type: DNS Host
Hostname: Yellow Bricks


Name: Whitelist 2
Type: DNS Host
Hostname: yellow-bricks.com


Name: Whitelist 3
Type: Network
IPV4 address: 109.237.219.143 /32


None of them work. 

If I tell the country blocking list to allow Netherlands, it lets me access the site.


Any ideas?

Thanks!

Arch


  • Well, I've been battling an inbound country blocking exception for days and I just found this topic.

    Synology support from Thailand needed to access my NAS over SSH, and HTTPS over port 5001. So, I built a DNAT with an auto FW rule to handle the SSH, and let my existing HTTPS/5001 web publishing rule handle the rest. I also built a country block exception for Taiwan from Synology's support IP addresses on destination ports 22 and 5001.

    I can connect just fine from a US address, which is allowed by country blocking along with Canada - in other words, these countries are switched "off." All other countries are set to block traffic "from" them, including Taiwan.

    But unfortunately, Synology support can't connect and the FW log stubbornly shows GEOIP blocks for the inbound traffic on both ports.

    Upon reinspection, the DNAT and auto FW rule looked to be correctly constructed, and the country block exception, also.

    I ran the source IPs through the MaxMind database and confirmed they were in the excepted country.

    I've now disabled Country Blocking and I'm waiting for Synology support to try again. It occurs to me that I could also switch Taiwan to "off" in Country Blocking, and achieve the same result.

    /sigh    ....sure would like this to work as designed.

     

    edited to add: In fact, Synology was able to access my appliance five times overnight, after I disabled Country Blocking altogether. I've since re-enabled Country Blocking, but switched Taiwan to "off," and I'm waiting to see a connection attempt.

  • Timothy, please have a ticket submitted to Sophos Support. They won't fix it unless we complain when it doesn't work!

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA