Geolocation, blocked countries not blocking
Please see the attached images.
I have Denmark as one of the blocked countries (block1.PNG), I'm still able to go to a Denmark domain website, https://denmark.dk/ (block2.png)
Why is WatchGuard allowing me to go to that website?
0
Sign In to comment.
Comments
My Current Version: 12.7.2 (Build 655803)
It looks like I need to apply the 'Global' policy to HTTPS-Outbound firewall policy, but I already have that enabled.
See attached images
Please see attachment.
I looked at the traffic monitor, and from what I can tell, it is allowing traffic to Denmark domain. Am I looking at this right?
May be I need to move the rule to the top of the firewall rules? Because the only Deny, the one in Red (Cleanup Rule) is at the very last of the firewall list.
The Green ones, HTTPS-Outbound is not at the top of the list, its more in the middle.
Right?
*Removed last log as it showed customer's public IP.
Hi @tantony
The logs you posted show that the destination IP is in the USA. The screenshots don't really help here.
-Don't assume that a country's webpage is hosted in the country it is for. Webservers can be located anywhere.
-Geolocation is based on the location of the IP in a database -- not the top level domain. If you want to block *.dk sites, you can do so in the HTTP proxy in URL paths.
See:
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/proxies/http/http_req_url_paths_c.html
-James Carson
WatchGuard Customer Support
Thank you, that makes sense because when I did a trace route to denmark.dk, it is staying within the US.
I tried an Iranian domain website, irangov.ir, and it was blocked by WatchGuard. I did a trace route to irangov.ir, and it was outside us.
oddly, I'm blocking India also, but I'm not able to do a trace route to https://www.india.gov.in/, but I'm able to go to the website.
I guess I need to look at the traffic monitor go dive deep.