This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Whitelisting an IP for VPN with country blocking enabled

I have sophos utm9 with country blocking enabled.

I have a user that is currently in a country that it is blocked, so I have gone to the exception list and added the below:

entered name, which country

host/networks: i have added his static IP

Services: I chose the vpn ports however even with any he is not able to connect vpn.

Below please find the log:

2022:02:03-10:13:22 fw01 ulogd[14428]: id="2021" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped 
(GEOIP)" action="drop" fwrule="60019" initf="ppp0" srcip="***" dstip="***" proto="6" length="52" tos="0x00"
 prec="0x00" ttl="116" srcport="59921" dstport="1194" tcpflags="SYN" 


I have also tried creating a firewall rule manually and adding all vpn services just in case but still :S

This thread was automatically locked due to age.

Top Replies

dirkkotte over 2 years ago in reply to Sophos User3521 +1 verified

ok, possible the country is not recognized correctly ... try more/all countries. The Network within coming from these "host/networks" contains the srcip from your Firewall-log? ... and you don't bind…

Parents

0 dirkkotte over 2 years ago

You have to select all (possible) source countries within the exception.

Dirk

Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum Partner
Sophos Solution Partner since 2003
If a post solves your question, click the 'Verify Answer' link at this post.
Cancel
Vote Up 0 Vote Down

Cancel
0 Sophos User3521 over 2 years ago in reply to dirkkotte

What do you mean. The user that is trying to connect to our vpn is from russia so I have selected russia federation.
Cancel
Vote Up 0 Vote Down

Cancel
0 dirkkotte over 2 years ago in reply to Sophos User3521

Your Exception Shows "Europe" without selected Countries. Here you have to select "russia"

Dirk

Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum Partner
Sophos Solution Partner since 2003
If a post solves your question, click the 'Verify Answer' link at this post.
Cancel
Vote Up 0 Vote Down

Cancel
0 Sophos User3521 over 2 years ago in reply to dirkkotte

Russia is selected. sorry
Cancel
Vote Up 0 Vote Down

Cancel
+1 dirkkotte over 2 years ago in reply to Sophos User3521

ok, possible the country is not recognized correctly ... try more/all countries.

The Network within coming from these "host/networks" contains the srcip from your Firewall-log?

... and you don't bind this Host definition to a specific interface ...!!?

Dirk

Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum Partner
Sophos Solution Partner since 2003
If a post solves your question, click the 'Verify Answer' link at this post.
Cancel
Vote Up +1 Vote Down

Cancel
0 Sophos User3521 over 2 years ago in reply to dirkkotte

seems to have worked by selecting all europe as countries and not just Russia.

Doesn't make sense as the blocking of the country works by selecting just Russia. Buy anyway as long as it is working :p

thanks all for the suggestions
Cancel
Vote Up 0 Vote Down

Cancel
0 Amodin over 2 years ago in reply to Sophos User3521

This is due to the IP origin set by the provider.

It's a common thing, and I think it's to the point that people get paid to do this to bypass filters like this, lol.

OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
(Former Sophos UTM Veteran, Former XG Rookie)
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Amodin over 2 years ago in reply to Sophos User3521

This is due to the IP origin set by the provider.

It's a common thing, and I think it's to the point that people get paid to do this to bypass filters like this, lol.

OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
(Former Sophos UTM Veteran, Former XG Rookie)
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data