1st Firewall rule has GEO blocks. But I am seeing this rule cause ALLOWS in the log. What is going on?

Looks like the Proxy is picking up this traffic and blocking it.

As you can see, the Block rule has the Proxy enabled, hence Firewall will give the traffic to the proxy to drop it. You can see the destination port transferred to Port 3128 (proxy). 

The traffic should not be actually allowed, as the proxy will drop it anyways. But the log viewer will show this as "allowed". 

Ok I was wondering about that.  So I went into the Firewall rule and I could not find a place to disable that.

Is there a way?

Thanks!!

-Pete

As far as i know, there is no way to disable the proxy for this traffic. But in the end, the outcome should be the same, the traffic should not be allowed. If its still allowed, you would have to open a support case to investigate in more detail. 

As far as i know, there is no way to disable the proxy for this traffic. But in the end, the outcome should be the same, the traffic should not be allowed. If its still allowed, you would have to open a support case to investigate in more detail. 

I did dig into it and I do not see the traffic on my web server.   So I am sure you are correct.

It would be nice to be able to allow a firewall RULE not have any other dependencies.

So if I do a country block I do not want it to go any further.  

Maybe they should look into supporting this kind of feature?

Thanks again for your help!

-Pete

Hi Peter,

the recommended approach is to blackhole the offending countries. This where you create a firewall rule with linked NAT pointing at a non existent IP address on your LAN.

There is a KBA on how to do this.

Ian