This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

v.9.713-19 Country Blocking problem (and maybe Web Filtering too).

This may somehow be related to the Web Filtering issue with v.9.713-19,  We installed v.9.713-19 on several different UTMs..  Users trying to traverse these UTM's are having no success getting to some websites via the UTM.  For instance Shopify hosted sales sites.  We have found that the problem is related to "Country Blocking".  For example.  If we disable the country blocking service in its entirety, end users can get to Shopify websites with Canadian IP's without issue.  However, if we only disable country blocking for Canada (setting: off), end users cannot get to the Canadian website Shopify,

Previous to this current problem, for many, many UTM versions, country blocking has worked just fine.  Now it does not.



This thread was automatically locked due to age.
  • Sorry for my confusion, but from your description it sounds like Country Blocking is working exactly how it's supposed to. Are you trying to allow them access to Shopify while maintaining a Country Block for Canada?  If so, you can create an exception for that site while maintaining the block.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Hi Amodin:

    No, we're not trying to allow access to Shopify while maintaining a Country Block for Canada.  We turned off the Country Block for Canada (we tried both the settings "From" and "Off" in Country Blocking), and we tried "Country Blocking Exceptions" as well.

    So I do think our settings are good, or at least they used to be good.  This setup has worked fine for multiple years with no issues like this.

    And yes, over the years end users have accessed allowed international sites with no issue.

    The end users are trying to access internationally hosted web sites from, various in office computers, installed on entirely different internal office networks. Country blocking, AKA GeoIP fencing, has been enabled on each network's UTM for for multiple years.  I mention Shopify because it they are a widely accessed example, but other international sites are also a problem.  Note:  End users can get to "Shopify" and other internationally hosted sites just fine when using their mobile phones on their cellular networks, but cannot when using their mobile phones via WiFi over their internal office networks.  So this appears to be a problem only for traffic going through their UTMs.

    BTW: Previous to installing v.9.713-19, there were no problems accessing allowed international IP's, such as those in Canada.

  • Have you tried to add sites to your Web Filtering exceptions list?  

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Hey E,

    I'm not sure that it isn't a glitch int the UTM, but, per the first sentence in #1 in Rulz, please show a line from the Web Filtering log where Shopify is blocked.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA