SMA 500v (10.2.0.10) - GeoIP based on Flag not Location :-)
today a customer complained about, being not able to connect via NetExtender or Browser to his SMA 500v. We're running a strict GeoIP Policy allowing Germany only. The initiating request came from a location in Germany and was detected as such, but the corresponding Flag in the Logs is the Flag of Belgium, which looks a bit similar.
After changing the GeoIP Policy to allow Belgium as well, the connection was possible.
So it seems GeoIP Filtering is doing some weird stuff and not honoring what it is logging? If I check with Talos Intelligence the IP came back as located in Belgium, Whois and other Lookup Tools returned Germany. Maybe there is some form of Proxy in the mix which sits in Belgium, but the log is not consistent.
The conclusion to all of this? Know your Flags, it might be helpful some day. 🤦