Sophos UTM country blocking - blocking geo allowed IP

Greetings,

My UTM firewall is for some reason blocking a US-based Cloudflare IP for Discord. This started a couple of days ago, I think.

I of course don't have the US blocked in country blocking, but the country blocking rule is blocking it. Here is some data for this. I think this may be some sort of FP perhaps??

From the Shell:

geoiplookup 162.159.135.232
GeoIP Country Edition: US, United States

From the network logs:

2023:04:04-10:41:23 bouncerasg ulogd[13546]: id="2021" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (GEOIP)" action="drop" fwrule="60019" initf="lag0" outitf="eth5" srcmac="" dstmac="" srcip="<mypc>" dstip="162.159.135.232" proto="17" length="1378" tos="0x00" prec="0x00" ttl="127" srcport="63248" dstport="443"

From the UI:

I know I can just exclude the IP, but why is the firewall doing this?!?!

Thanks,
Chris
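
Added example (not part of the original post): a shell function that tallies `Packet dropped (GEOIP)` entries by destination and protocol, so each blocked address can then be checked with `geoiplookup` as in the post. The log lines are constructed from the format shown above, and the function names `sample_log` and `geoip_drops` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Tally UTM packetfilter "Packet dropped (GEOIP)" entries by destination.

# Constructed sample log lines. Addresses other than the one quoted in the
# post are documentation-range placeholders.
sample_log() {
cat <<'EOF'
2023:04:04-10:41:23 utm ulogd[13546]: id="2021" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (GEOIP)" action="drop" fwrule="60019" initf="lag0" outitf="eth5" srcmac="" dstmac="" srcip="192.0.2.10" dstip="162.159.135.232" proto="17" length="1378" tos="0x00" prec="0x00" ttl="127" srcport="63248" dstport="443"
2023:04:04-10:41:24 utm ulogd[13546]: id="2021" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (GEOIP)" action="drop" fwrule="60019" initf="lag0" outitf="eth5" srcmac="" dstmac="" srcip="192.0.2.10" dstip="162.159.135.232" proto="17" length="1378" tos="0x00" prec="0x00" ttl="127" srcport="63249" dstport="443"
2023:04:04-10:41:25 utm ulogd[13546]: id="2021" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (GEOIP)" action="drop" fwrule="60019" initf="lag0" outitf="eth5" srcmac="" dstmac="" srcip="192.0.2.11" dstip="203.0.113.10" proto="6" length="60" tos="0x00" prec="0x00" ttl="127" srcport="50112" dstport="443"
2023:04:04-10:41:26 utm ulogd[13546]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth5" srcmac="" dstmac="" srcip="203.0.113.99" dstip="192.0.2.1" proto="6" length="40" tos="0x00" prec="0x00" ttl="240" srcport="41000" dstport="23"
EOF
}

# Read log lines on stdin; print "count dstip proto/dstport", busiest first.
geoip_drops() {
    awk '
    # Return the value of key="value" in the current line, or "" if absent.
    function field(key,    tag, i, rest) {
        tag = " " key "=\""
        i = index($0, tag)
        if (i == 0) return ""
        rest = substr($0, i + length(tag))
        return substr(rest, 1, index(rest, "\"") - 1)
    }
    # Only country-blocking drops; other packetfilter drops are ignored.
    index($0, "name=\"Packet dropped (GEOIP)\"") {
        p = field("proto")
        if (p == "6") p = "tcp"
        else if (p == "17") p = "udp"
        else p = "proto" p
        n[field("dstip") " " p "/" field("dstport")]++
    }
    END { for (k in n) printf "%d %s\n", n[k], k }
    ' | sort -rn
}

sample_log | geoip_drops
```

On the appliance, pipe the packet filter log into `geoip_drops` instead of `sample_log`, then run `geoiplookup` on each listed address to compare the local GeoIP database with what country blocking is doing.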

  • This is the result of the command:

    loginuser@bouncerasg:/home/login > rpm -qa | egrep 'xtipv6'
    u2d-geoipxtipv6-9-259

    The first link that was provided by emmosophos is for a different Cloudflare range. So are you sure this is actually resolved? My issue is with a different IP range. What is strange is why should this really matter? If I exclude the IPs Discord is using, the issue doesn't go away, so there seems to be more going on here than just the IP range being falsely blocked. I will try to open a support case.

    Regards,

    Chris
