SMA 500v policy log

FlashMcQuick

Hello everyone,

I've configured my SMA with a geopolicy to only accept allowed IP addresses.

However, I sometimes receive email alerts for intrusions from blocked countries.

I thought that when I set up a policy, it wouldn't appear in the logs. Is that really the case?

Another question, I sometimes receive intrusion emails even though my policy is configured.

For example:

Is this normal?

Shouldn't my access page be inaccessible?

Thank in advance.😉