Whitelisting an IP for VPN with country blocking enabled

I have Sophos UTM 9 with country blocking enabled.

I have a user who is currently in a country that is blocked, so I have gone to the exception list and added the below:

entered name, which country

host/networks: I have added his static IP

Services: I chose the VPN ports; however, even with any he is not able to connect to the VPN.

Below please find the log:

2022:02:03-10:13:22 fw01 ulogd[14428]: id="2021" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (GEOIP)" action="drop" fwrule="60019" initf="ppp0" srcip="***" dstip="***" proto="6" length="52" tos="0x00" prec="0x00" ttl="116" srcport="59921" dstport="1194" tcpflags="SYN"


I have also tried creating a firewall rule manually and adding all VPN services just in case, but still :S

  • OK, possibly the country is not recognized correctly ... try more/all countries.

    Does the network in these "host/networks" contain the srcip from your firewall log?

    ... and you don't bind this Host definition to a specific interface ...!!?


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.
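
The check Dirk asks about (does the exception's host/networks entry actually contain the srcip logged for the GEOIP drop?), as an added example that is not part of the original thread. The sample log lines and addresses are constructed, the function names are hypothetical, and it assumes one record per line in the format quoted above.

```python
import ipaddress
import re

# Constructed sample in the UTM packetfilter format quoted in the thread.
# Addresses are documentation ranges, not values from the original log.
SAMPLE_LOG = """\
2022:02:03-10:13:22 fw01 ulogd[14428]: id="2021" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (GEOIP)" action="drop" fwrule="60019" initf="ppp0" srcip="203.0.113.45" dstip="198.51.100.10" proto="6" srcport="59921" dstport="1194" tcpflags="SYN"
2022:02:03-10:13:40 fw01 ulogd[14428]: id="2021" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (GEOIP)" action="drop" fwrule="60019" initf="ppp0" srcip="203.0.113.200" dstip="198.51.100.10" proto="6" srcport="51000" dstport="1194" tcpflags="SYN"
2022:02:03-10:14:01 fw01 ulogd[14428]: id="2021" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (GEOIP)" action="drop" fwrule="60019" initf="ppp0" srcip="***" dstip="***" proto="6" srcport="40000" dstport="1194" tcpflags="SYN"
2022:02:03-10:14:09 fw01 ulogd[14428]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="ppp0" srcip="203.0.113.45" dstip="198.51.100.10" proto="6" srcport="40001" dstport="1194" tcpflags="SYN"
"""

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Split one log record into its key="value" fields."""
    return dict(FIELD_RE.findall(line))


def check_exception(log_text, exception_networks, dstport=1194):
    """For each GEOIP drop to dstport, report whether srcip is inside the
    host/network objects entered in the country-blocking exception."""
    nets = [ipaddress.ip_network(n, strict=False) for n in exception_networks]
    report = []
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("sub") != "packetfilter" or "(GEOIP)" not in f.get("name", ""):
            continue  # only country-blocking drops are of interest here
        if f.get("dstport") != str(dstport):
            continue
        try:
            src = ipaddress.ip_address(f.get("srcip", ""))
        except ValueError:
            continue  # masked or malformed srcip, nothing to compare
        report.append((str(src), f.get("initf"), any(src in n for n in nets)))
    return report


if __name__ == "__main__":
    for srcip, initf, covered in check_exception(SAMPLE_LOG, ["203.0.113.45"]):
        verdict = ("listed in exception, so check country selection and interface binding"
                   if covered else "NOT in exception host/networks")
        print(f"{srcip} via {initf}: {verdict}")
```

A source that is listed and still dropped by the GEOIP rule points at the other parts of the exception (which countries are selected, interface binding of the host definition) rather than at the address itself.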

  • Seems to have worked by selecting all of Europe as countries and not just Russia.

    Doesn't make sense, as the blocking of the country works by selecting just Russia. But anyway, as long as it is working :p

    Thanks all for the suggestions.

  • This is due to the IP origin set by the provider. 

    It's a common thing, and I think it's to the point that people get paid to do this to bypass filters like this, lol.  

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)