GeoIP

Question

Is anybody having success in using the GeoIP functionality? I am not and i find it quite frustrating. 
 What have i done: 1. created a country group within that group f.i. Romania: 
 2. created a Drop rule based on the country group: 
 3. Have been checking logs for a couple of weeks, today i saw that there wher entries in the log showing me that traffic was allowed originating from a Romanian IP: 
 
 And this is only one example, my log is filled with more similar ones. Any thoughts on this? Is my thinking wrong, was my execution poor or are my expectations not right? 
 Grtz, Peter-Paul

FormerMember · Accepted Answer

Hi Peter-Paul Gras 
 This is known behavior when the service is destined for the local service on the XG. The firewall rules do not come into effect for the local system. Thus to overcome this, creating a DNAT rule with source as the country group, and follow the instructions outlined in this KB Article : Sophos XG: Creating a blackhole DNAT . 
 Thanks,

FormerMember · Answer

Hi Rijsbol 
 Thank you for providing screenshots of your firewall rules. 
 Please change the destination to some other IP address that is not configured in your internal network. The IP address 1.2.3.4 is a magic IP address that is used for Sophos AP registration on the firewall. Also, consider creating a matched drop/reject firewall rule. 
 Thanks,

GeoIP

Top Replies