Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

Access Rules and GEO-IP filter

Simon_WeelSimon_Weel Enthusiast ✭✭
in Firewall Security Services

On our TZ470W, I set up an access rule for inbound HTTPS traffic to accommodate Exchange OWA. Under tab Security Profiles, I set a custom GEO-IP filter to only allow the Netherlands.

When doing a routine eventlog check on the Exchange server, I notice an entry of a failed logon attempt. It lists the user host address as 64.62.197.194. Doing a lookup, this address resolves to ISP Hurricane Electric, based in the US.

How can that be when the only allowed country is the Netherlands?

image.png
image.png


Category: Firewall Security Services
Reply

Answers

  • ArkwrightArkwright Community Legend ✭✭✭✭✭

    Did you do the lookup from the GeoIP diags tool on the firewall or from Sonicwall's online GeoIP lookup tool? I have found some inconsistencies between the two - obviously what the firewall says "wins" when it comes to applying the rule.

  • Simon_WeelSimon_Weel Enthusiast ✭✭
    edited September 2023

    Most of the times I use this site: LookIP.net | Free IP lookup tool for IP addresses and websites

    When I use the GeoIP diags tool on the firewall it reports the same country.

  • ArkwrightArkwright Community Legend ✭✭✭✭✭

    The on-firewall tool is the only one that is relevant, because that's how the firewall determines what to do. You won't be able to progress this issue with Sonicwall if you use any other lookup tool.

Sign In or Register to comment.