This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Why IP's are GEO-IP blocked?

This is not making sense to me. Two of my US IP addresses are now being blocked by Sophos UTM GEO-IP blocking. This issue just started this morning. Both IP's are in the US. I've even verified that they are listed as US IP's by running the following command on the UTM:

geoiplookup 107.173.167.75
GeoIP Country Edition: US, United States

Below is an entry from the firewall log:

2024:01:23-10:20:02 gateway ulogd[8519]: id="2021" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (GEOIP)" action="drop" fwrule="60019" initf="eth1" srcmac="dc:38:e1:ca:a1:c7" dstmac="a0:36:9f:e2:85:51" srcip="107.173.167.75" dstip="173.73.250.39" proto="6" length="60" tos="0x00" prec="0x00" ttl="56" srcport="57762" dstport="443" tcpflags="SYN"

I added a Country Blocking Exception as a workaround but what the heck is going on? I have United States set to Off under Country Blocking. I've made no recent changes to the UTM.

UPDATE: If I change Canada from From to Off under Country Blocking, the IP's are not GEO-IP blocked by the UTM. This makes no sense because running the command I listed above clearly shows it's a US IP address.



This thread was automatically locked due to age.