Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register
Options

SMA 500v (10.2.0.10) - GeoIP based on Flag not Location :-)

BWCBWC Cybersecurity Overlord ✭✭✭
in Secure Mobile Access Appliances

Hi,

today a customer complained about, being not able to connect via NetExtender or Browser to his SMA 500v. We're running a strict GeoIP Policy allowing Germany only. The initiating request came from a location in Germany and was detected as such, but the corresponding Flag in the Logs is the Flag of Belgium, which looks a bit similar.

After changing the GeoIP Policy to allow Belgium as well, the connection was possible.

So it seems GeoIP Filtering is doing some weird stuff and not honoring what it is logging? If I check with Talos Intelligence the IP came back as located in Belgium, Whois and other Lookup Tools returned Germany. Maybe there is some form of Proxy in the mix which sits in Belgium, but the log is not consistent.

SMA.jpg

The conclusion to all of this? Know your Flags, it might be helpful some day. 🤦

--Michael@BWC

Category: Secure Mobile Access Appliances
Reply
Sign In or Register to comment.