FWAllowEnd in the logs for geo_src that is blocked
M370 running 12.71.1
While perusing the logs, I saw a FWAllowEnd entry with a geo_src= for a country code that is not allowed. When I searched the logs for an exact match of geo_src=XXX (a country that is blocked), I discovered many blocked packets with a disposition of denied (mostly unhandled packets, with a few for geolocation), but there were a few FWAllowEnd entries. The ID is 30000151 - Traffic connection terminated.
If I search for the src_ip of the FWAllowEnd entries, I do not see any initiating connection that would have eventually produced the FWAllowEnd entry. The bytes sent are from 51 bytes to 447 bytes.
First off, are others registering these types of entries for blocked countries, and second, can someone explain why these entries are logged even if the source IP is from a country code that is blocked?