Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".


Access Rules and GEO-IP filter

On our TZ470W, I set up an access rule for inbound HTTPS traffic to accommodate Exchange OWA. Under tab Security Profiles, I set a custom GEO-IP filter to only allow the Netherlands.

When doing a routine eventlog check on the Exchange server, I notice an entry of a failed logon attempt. It lists the user host address as Doing a lookup, this address resolves to ISP Hurricane Electric, based in the US.

How can that be when the only allowed country is the Netherlands?

Category: Firewall Security Services


  • Options
    ArkwrightArkwright All-Knowing Sage ✭✭✭✭

    Did you do the lookup from the GeoIP diags tool on the firewall or from Sonicwall's online GeoIP lookup tool? I have found some inconsistencies between the two - obviously what the firewall says "wins" when it comes to applying the rule.

  • Options
    Simon_WeelSimon_Weel Enthusiast ✭✭
    edited September 2023

    Most of the times I use this site: | Free IP lookup tool for IP addresses and websites

    When I use the GeoIP diags tool on the firewall it reports the same country.

  • Options
    ArkwrightArkwright All-Knowing Sage ✭✭✭✭

    The on-firewall tool is the only one that is relevant, because that's how the firewall determines what to do. You won't be able to progress this issue with Sonicwall if you use any other lookup tool.

Sign In or Register to comment.