This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Tommy_Forrest
Advisor
‎2018-12-11 07:03 AM

Why does the wrong flag show up for an IP address in GeoBlocking?

I've seen an interesting behavior in our 80.10 infrastructure.

We use GeoBlocking and many times we'll see where the firewall is dropping the traffic due to a GeoBlock.  But, it posts the wrong country's flag next to the IP address.

In the attachment, you'll see 13.75.126.169 being marked with an American flag.  However, the destination country is marked as HKG.

Checking the MaxMind GeoIP2 City Database does indeed note the IP is registered to Hong Kong.

MSFT is the owner of the IP block.

So, is the firewall log telling me that the IP is owned by a US company, but assigned in another country?

Preview file
4 KB
3 Replies
PhoneBoy
Admin
Admin
‎2018-12-13 07:52 AM

That doesn’t sound like correct behavior.

Have you opened a TAC case?

0 Kudos
Tommy_Forrest
Advisor
‎2018-12-13 12:34 PM
In response to PhoneBoy

Yes, spoke with TAC.

They believe that because the netblock is owned by MSFT, the firewall is showing that as owned by an American company while the network is assigned to another country.  Hence the 2 flags.

It kinda, sorta makes sense.  Just weird to see it like that when you're troubleshooting.

Dreyfuss
Contributor
‎2021-09-09 02:41 PM
In response to Tommy_Forrest

Hi there! I found the same issue here. Maybe it works for you:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

0 Kudos