This is not making sense to me. Two of my US IP addresses are now being blocked by Sophos UTM GEO-IP blocking. This issue just started this morning. Both IP's are in the US. I've even verified that they are listed as US IP's by running the following command on the UTM:
geoiplookup 107.173.167.75 GeoIP Country Edition: US, United States
Below is an entry from the firewall log:
2024:01:23-10:20:02 gateway ulogd[8519]: id="2021" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (GEOIP)" action="drop" fwrule="60019" initf="eth1" srcmac="dc:38:e1:ca:a1:c7" dstmac="a0:36:9f:e2:85:51" srcip="107.173.167.75" dstip="173.73.250.39" proto="6" length="60" tos="0x00" prec="0x00" ttl="56" srcport="57762" dstport="443" tcpflags="SYN"
I added a Country Blocking Exception as a workaround but what the heck is going on? I have United States set to Off under Country Blocking. I've made no recent changes to the UTM.
UPDATE: If I change Canada from From to Off under Country Blocking, the IP's are not GEO-IP blocked by the UTM. This makes no sense because running the command I listed above clearly shows it's a US IP address.
This thread was automatically locked due to age.
