Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Tommy_Forrest
Advisor

Why does the wrong flag show up for an IP address in GeoBlocking?

I've seen an interesting behavior in our 80.10 infrastructure.

We use GeoBlocking and many times we'll see where the firewall is dropping the traffic due to a GeoBlock.  But, it posts the wrong country's flag next to the IP address.

In the attachment, you'll see 13.75.126.169 being marked with an American flag.  However, the destination country is marked as HKG.

Checking the MaxMind GeoIP2 City Database does indeed note the IP is registered to Hong Kong.

MSFT is the owner of the IP block.

So, is the firewall log telling me that the IP is owned by a US company, but assigned in another country?

3 Replies
PhoneBoy
Admin
Admin

That doesn’t sound like correct behavior.

Have you opened a TAC case?

0 Kudos
Tommy_Forrest
Advisor

Yes, spoke with TAC.

They believe that because the netblock is owned by MSFT, the firewall is showing that as owned by an American company while the network is assigned to another country.  Hence the 2 flags.

It kinda, sorta makes sense.  Just weird to see it like that when you're troubleshooting.

Dreyfuss
Contributor

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events