Per this post, Sophos uses Maxmind for IP Geolocation. Is this still true?
I ask because Maxmind reports literotica.com as being in the US:
but UTM says otherwise:
Hello,
Good day and thanks for reaching out to the Sophos Community.
Yes, UTM/SFOS uses Maxmind for Geolocation. You may submit a change request here and it will also be reflected on the FWs:
https://www.maxmind.com/en/geoip-data-correction-request#correcting-a-few-ips
Many thanks for your time and patience and thank you for choosing Sophos.
Cheers,
Raphael Alganes
Community Support Engineer | Sophos Technical Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
I'm not asking how to change Maxmind's determination - because it appears to be correct:
I'm asking why Maxmind says United States and UTM says Uzbekistan.
Hey busthead,
Yes on UTM it shows the following:
geoiplookup 216.150.64.0
GeoIP Country Edition: UZ, Uzbekistan
For which you can submit the request here - https://support.maxmind.com/hc/en-us/requests/new
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Global Support & Services
Log a Support Case | Sophos Service Guide
Best Practices – Support Case
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
A reverse DNS lookup on 216.150.64.0 returns 216-150-64-0-block.reverse.ezzi.net not literotica[.]com.
Where is the 216.150.64.0 address coming from?
An nslookup from my UTM command line yields the correct addresses (in the US):
216.150.64.0 is not what's being blocked:
/var/log/http/2023/06/http-2023-06-21.log.gz:2023:06:21-22:04:45 Hillary-1 httpproxy[60070]: id="0067" severity="info" sys="SecureWeb" sub="http" name="web request blocked, connection to forbidden country" action="block" method="CONNECT" srcip="192.168.0.126" dstip="216.150.65.200" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_HttProContaNULLNetwo2 (Deckernet)" filteraction="REF_DefaultHTTPCFFAction (Default Filter Action)" size="0" request="0x7f60d330cc00" url="">www.literotica[.]com/" referer="" error="" authtime="0" dnstime="3" aptptime="154" cattime="0" avscantime="0" fullreqtime="225340" device="0" auth="0" ua="" exceptions="" overridecategory="1" overridereputation="1" category="112" reputation="trusted" categoryname="Entertainment" country="Uzbekistan"
/var/log/http.log:2023:06:22-08:24:46 Hillary-1 httpproxy[60070]: id="0067" severity="info" sys="SecureWeb" sub="http" name="web request blocked, connection to forbidden country" action="block" method="CONNECT" srcip="192.168.0.220" dstip="216.150.65.190" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_HttProContaNULLNetwo3 (NULL's Devices)" filteraction="REF_HttCffNULLConteFilte (Allow All Filter Action)" size="3280" request="0x2f84000" url="">www.literotica.com/" referer="" error="" authtime="0" dnstime="102595" aptptime="124" cattime="0" avscantime="0" fullreqtime="378884" device="0" auth="0" ua="" exceptions="" overridecategory="1" overridereputation="1" category="112" reputation="trusted" categoryname="Entertainment" country="Uzbekistan"
How do I force UTM to resync its Maxmind database?
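Added example, not code from this thread or from Sophos: a small parser for the UTM httpproxy `key="value"` log format quoted above, which pulls out every "connection to forbidden country" block and compares the country UTM logged against a reference lookup (for instance the result of `geoiplookup` on another host), so a stale GeoIP database shows up as a mismatch. The sample log lines are constructed, modelled on the thread's lines with most fields dropped.

```python
import re

# Constructed sample lines modelled on the UTM httpproxy format quoted in the
# thread (fields abbreviated; real lines carry many more key="value" pairs).
SAMPLE_LOG = """\
2023:06:21-22:04:45 Hillary-1 httpproxy[60070]: id="0067" severity="info" sys="SecureWeb" sub="http" name="web request blocked, connection to forbidden country" action="block" method="CONNECT" srcip="192.168.0.126" dstip="216.150.65.200" statuscode="403" url="https://www.literotica.com/" categoryname="Entertainment" country="Uzbekistan"
2023:06:22-08:24:46 Hillary-1 httpproxy[60070]: id="0067" severity="info" sys="SecureWeb" sub="http" name="web request blocked, connection to forbidden country" action="block" method="CONNECT" srcip="192.168.0.220" dstip="216.150.65.190" statuscode="403" url="https://www.literotica.com/" categoryname="Entertainment" country="Uzbekistan"
2023:06:22-08:25:01 Hillary-1 httpproxy[60070]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.0.220" dstip="203.0.113.10" statuscode="200" url="http://www.example.com/" categoryname="Information Technology" country="United States"
"""

# One UTM log field: bareword key, double-quoted value (values never contain quotes).
KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Split one httpproxy line into a dict of its key="value" fields plus the timestamp."""
    prefix, _, rest = line.partition(": ")        # "<ts> <host> httpproxy[pid]" / fields
    fields = dict(KV_RE.findall(rest))
    fields["timestamp"] = prefix.split(" ", 1)[0]
    return fields


def geo_blocks(log_text):
    """Return (dstip, country, url) for every 'forbidden country' block in the log."""
    out = []
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("action") == "block" and "forbidden country" in f.get("name", ""):
            out.append((f["dstip"], f["country"], f["url"]))
    return out


def country_mismatches(log_text, reference):
    """Compare the country UTM logged for each blocked dstip with a reference
    lookup ({dstip: country}, e.g. from geoiplookup on a host with a current
    database). Each mismatch is (dstip, logged_country, reference_country)."""
    mismatches = []
    for dstip, logged, _url in geo_blocks(log_text):
        expected = reference.get(dstip)
        if expected is not None and expected != logged:
            mismatches.append((dstip, logged, expected))
    return mismatches
```

Feed it the output of `zcat /var/log/http/.../http-*.log.gz` to list which destination IPs were blocked on country alone; any IP that mismatches the reference is a candidate for a MaxMind correction request rather than a filter-policy change.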
Hey busthead,
I also noticed this is categorized under pornography!
Thanks & Regards,
Vivek Jagad | Team Lead, Global Support & Services
The default category of literotica.com is not relevant to this issue. The site is being blocked due to "connection to forbidden country"
How do I force UTM to resync its Maxmind database?
Hey busthead, I did try raising the support ticket with the maxminds - 352710, but it seems they have still not updated!
Thanks & Regards,
Vivek Jagad | Team Lead, Global Support & Services
Hey busthead,
This has been resolved with the Maxminds team now:
geoiplookup 216.150.65.190
GeoIP Country Edition: US, United States
geoiplookup 216.150.65.200
GeoIP Country Edition: US, United States
geoiplookup 216.150.65.0
GeoIP Country Edition: US, United States
Thanks & Regards,
Vivek Jagad | Team Lead, Global Support & Services
Thank you.
Same issue is back again...
Hey busthead, I have raised the request with the maxmind database, will update here once they have rectified the issue!
Thanks & Regards,
Vivek Jagad | Team Lead, Global Support & Services
Hey busthead,
This is rectified and I have verified, cheers.
vivek-utm:/home/login #geoiplookup 216.150.65.200
GeoIP Country Edition: US, United States
vivek-utm:/home/login # geoiplookup 216.150.65.0
GeoIP Country Edition: US, United States
vivek-utm:/home/login # geoiplookup 216.150.65.190
GeoIP Country Edition: US, United States
Thanks & Regards,
Vivek Jagad | Team Lead, Global Support & Services