Hi,
After update to 9.503-4 (from some 9.4 version), we have found that Country blocking is dropping packets from IP 82.119.228.254 (Slovakia). But we have this feature turned off for Slovakia.
It seems that there is problem with just this one IP address, from Slovakia. We have resolved this by making Country blocking exception for this IP, but it's very strange.
Is there any way to troubleshoot Country blocking? Or how to find out for what country Sophos UTM thinks that this IP is from? It was Sophos VPN client trying to connect to our UTM from that IP BTW. Below is packetfilter log.
Packetfilterlog:
30>2017:09:27-15:56:03 sophos-2 ulogd[13735]: id="2021" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (GEOIP)" action="drop" fwrule="60019" initf="lag2.75" srcmac="e4:d3:f1:8b:c3:28" dstmac="Our WAN MAC address" srcip="82.119.228.254" dstip="Our WAN IP address" proto="6" length="48" tos="0x00" prec="0x00" ttl="121" srcport="12836" dstport="443" tcpflags="SYN"
Thank you!
This thread was automatically locked due to age.
