
Sophos UTM country blocking - blocking geo allowed IP

Greetings,

My UTM firewall is for some reason blocking a US-based Cloudflare IP for Discord. This started a couple days ago I think.

I of course don't have the US blocked in country blocking, but the country blocking rule is blocking it. Here is some data for this. I think this may be some sort of FP perhaps??

From the Shell:

geoiplookup 162.159.135.232
GeoIP Country Edition: US, United States

From the network logs:

2023:04:04-10:41:23 bouncerasg ulogd[13546]: id="2021" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (GEOIP)" action="drop" fwrule="60019" initf="lag0" outitf="eth5" srcmac="" dstmac="" srcip="<mypc>" dstip="162.159.135.232" proto="17" length="1378" tos="0x00" prec="0x00" ttl="127" srcport="63248" dstport="443"

From the UI:

I know I can just exclude the IP, but why is the firewall doing this?!?!

Thanks,
Chris
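The cross-check described in the post above (GEOIP drops in the packet filter log versus what `geoiplookup` reports), as an added example that is not part of the original thread. The function names, the trimmed log lines, the `203.0.113.7` / `ZZ` entries and the block list are constructed assumptions; only the first destination IP and its lookup output come from the post.

```python
import re
from collections import Counter

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')  # key="value" pairs in a ulogd line
LOOKUP_RE = re.compile(r"GeoIP Country Edition: ([A-Z]{2}),")

def geoip_drops(lines):
    """Count 'Packet dropped (GEOIP)' entries per (dstip, proto, dstport)."""
    counts = Counter()
    for line in lines:
        f = dict(FIELD_RE.findall(line))
        if f.get("sub") == "packetfilter" and f.get("name") == "Packet dropped (GEOIP)":
            counts[(f.get("dstip", ""), f.get("proto", ""), f.get("dstport", ""))] += 1
    return counts

def mismatches(lines, lookups, blocked):
    """GEOIP-dropped destinations whose geoiplookup country is NOT on the block list."""
    found = []
    for (dstip, proto, dport), n in sorted(geoip_drops(lines).items()):
        m = LOOKUP_RE.search(lookups.get(dstip, ""))
        if m and m.group(1) not in blocked:
            found.append((dstip, m.group(1), proto, dport, n))
    return found

# Constructed sample input: log lines trimmed to the fields used here.
PREFIX = '2023:04:04-10:41:23 bouncerasg ulogd[13546]: sys="SecureNet" sub="packetfilter" '
SAMPLE_LOG = [
    PREFIX + 'name="Packet dropped (GEOIP)" action="drop" fwrule="60019" '
             'srcip="192.0.2.10" dstip="162.159.135.232" proto="17" srcport="63248" dstport="443"',
    PREFIX + 'name="Packet dropped (GEOIP)" action="drop" fwrule="60019" '
             'srcip="192.0.2.10" dstip="162.159.135.232" proto="17" srcport="63249" dstport="443"',
    PREFIX + 'name="Packet dropped (GEOIP)" action="drop" fwrule="60019" '
             'srcip="192.0.2.10" dstip="203.0.113.7" proto="6" srcport="50000" dstport="22"',
    PREFIX + 'name="Packet dropped" action="drop" fwrule="60001" '
             'srcip="192.0.2.10" dstip="162.159.135.232" proto="6" srcport="50001" dstport="80"',
]
# geoiplookup output per destination; the ZZ entry is a constructed placeholder.
SAMPLE_LOOKUPS = {
    "162.159.135.232": "GeoIP Country Edition: US, United States",
    "203.0.113.7": "GeoIP Country Edition: ZZ, Constructed Country",
}
BLOCKED = {"ZZ"}  # assumed block list: country codes ticked in country blocking

if __name__ == "__main__":
    for dstip, country, proto, dport, n in mismatches(SAMPLE_LOG, SAMPLE_LOOKUPS, BLOCKED):
        print(f"{dstip} ({country}) proto={proto} dport={dport}: {n} GEOIP drops, country not blocked")
```

Each destination it reports is one where the firewall's GeoIP pattern and the lookup database disagree, which is the evidence to attach to a support case.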



  • Just curious if there could be any update to this? I just tested country blocking, and I am STILL having this issue with Cloudflare IPs. I would REALLY like to keep this turned on. Excluding the IPs is NOT working. This is the first time I have ever needed to open a forum post up, or have had any real issues with this firewall. I have used this since the ASG days. I really hope that this experience is not normal with a slow response, and I have just gotten lucky all of these years with not needing any support.

  • Hello,

    I apologize that you have faced this issue. This issue should already be resolved. The RPM can be checked to confirm the UTM has updated its patterns on your device. u2d-geoipxtipv6-9-259 is the fixed version.

    To check, kindly input this command in the advanced shell:

    rpm -qa | egrep 'xtipv6'

    If this issue still persists after you have confirmed the installed pattern is u2d-geoipxtipv6-9-259, kindly open a support ticket and please share the case ID with us.

    Many thanks for your time and patience, and thank you for choosing Sophos.

    Cheers,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support