This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Tommy_Forrest
Advisor
‎2018-12-11 07:03 AM

Why does the wrong flag show up for an IP address in GeoBlocking?

I've seen an interesting behavior in our 80.10 infrastructure.

We use GeoBlocking and many times we'll see where the firewall is dropping the traffic due to a GeoBlock.  But, it posts the wrong country's flag next to the IP address.

In the attachment, you'll see 13.75.126.169 being marked with an American flag.  However, the destination country is marked as HKG.

Checking the MaxMind GeoIP2 City Database does indeed note the IP is registered to Hong Kong.

MSFT is the owner of the IP block.

So, is the firewall log telling me that the IP is owned by a US company, but assigned in another country?

Untitled.png
Preview file
4 KB
3 Replies
PhoneBoy
Admin
Admin
‎2018-12-13 07:52 AM

That doesn’t sound like correct behavior.

Have you opened a TAC case?

0 Kudos
Tommy_Forrest
Advisor
‎2018-12-13 12:34 PM
In response to PhoneBoy

Yes, spoke with TAC.

They believe that because the netblock is owned by MSFT, the firewall is showing that as owned by an American company while the network is assigned to another country.  Hence the 2 flags.

It kinda, sorta makes sense.  Just weird to see it like that when you're troubleshooting.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top