This ip was flagged by a rule that has a bunch of countries that I block. The UK is not in my list, yet the below IP is getting blocked by this rule. What source is XG using to determine the country? I have included ip lookup results are from ultratools.
2020-02-23 19:23:21Firewallmessageid="00002" log_type="Firewall" log_component="Firewall Rule" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="12" nat_rule_id="0" policy_type="1" user="" user_group="" web_policy_id="2" ips_policy_id="0" appfilter_policy_id="0" app_name="" app_risk="0" app_technology="" app_category="" vlan_id="0" ether_type="IPv4 (0x0800)" bridge_name="" bridge_display_name="" in_interface="Port1" in_display_interface="Port1" out_interface="Port2" out_display_interface="Port2" src_mac="xxx" dst_mac="" src_ip="xxx" src_country="R1" dst_ip="185.216.34.227" dst_country="AUT" protocol="UDP" src_port="51222" dst_port="8888" packets_sent="0" packets_received="0" bytes_sent="0" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="" src_zone="" dst_zone_type="" dst_zone="" con_direction="" con_id="" virt_con_id="" hb_status="No Heartbeat" message="" appresolvedby="Signature" app_is_cloud="0"
inetnum: 185.216.34.0 - 185.216.34.255 netname: M247-LTD-Vienna descr: M247 LTD Vienna Infrastructure country: AT geoloc: 48.2000 16.3667 admin-c: GBXS-RIPE tech-c: GBXS-RIPE status: LIR-PARTITIONED PA mnt-by: GLOBALAXS-MNT source: RIPE organisation: ORG-GL37-RIPE org-name: M247 Ltd org-type: LIR address: 1 Ball Green, Cobra Court address: M32 0QT address: Manchester address: UNITED KINGDOM
Thanks,
Gary
This thread was automatically locked due to age.
