Looks like Firmware 12.11.1 Geo-location is broken

alankevinr1946alankevinr1946
in Firebox - Subscription Services

We have only allowed UK to access the RDS server, since we upgraded to 12.11.1 this is now become vulnerable and geo-location is now allowing countries through that was once blocked

Comments

  • kimmo.pohjoisahokimmo.pohjoisaho

    known issue….
    https://portal.watchguard.com/wgknowledgebase?type=Known Issues&SFDCID=kA1Vr000000AyULKA0&lang=en_US

    open support ticket and ask for a patch….

  • Bruce_BriggsBruce_Briggs

    Known Issue:
    Geolocation no longer classifies IPv4 addresses after upgrade to Fireware v12.11
    https://techsearch.watchguard.com/KB?type=Known Issues&SFDCID=kA1Vr000000AyULKA0&lang=en_US

    A patch is available for Fireware v12.11.1. Contact WatchGuard Technical Support.

  • james.carsonjames.carson Moderator, WatchGuard Representative
    edited March 20

    @kimmo.pohjoisaho and @Bruce_Briggs the geolocation issue on 12.11 has been resolved. The KB just has not been updated yet.

    *Correction, they're in the process of rolling out a fix, 12.11.1 Update 1. There will be an announcement on the support blog when this is complete.

    If you're running into a geolocation problem, I'd suggest opening a support case. If you have logs showing the country being detected and not blocked as expected, please include it in the case if you can.

    You can open a support case by clicking the support center link at the top right of this page.

    -James Carson
    WatchGuard Customer Support

  • kimmo.pohjoisahokimmo.pohjoisaho

    12.11.1 Update 1 is now out.

    This release resolves an issue where the Geolocation database loaded only partially or failed to load, which caused failed Geolocation lookups or failures to identify sites that Geolocation should block. [FBX-29123, FBX-29128]

  • markpcommarkpcom

    Something's wrong even with the 12.11.1 Update 1.
    We have geoblocking enabled on over 10 public websites, but it only works on one of them, and only for connections from China. Settings are OK.
    We also have a couple of web portals that should only accept connections from my own country (Italy), but since yesterday, I haven't seen any geolocation-based connections being blocked—this seems almost impossible. We're now geoblocking, let's say, about 2% of what we were geoblocking a few weeks ago, before the geoblocking failure in the 12.11.1 update.
    It's very strange, I’m opening a case.

  • Bruce_BriggsBruce_Briggs

    My logs are showing a number of geo_src denies over the last 2 hours.
    The sources are HKG, RUS, CHN, UKR, IRN & SYC (Seychelles) all of which I which block.

    Running 12.11.1 Update 1

  • markpcommarkpcom

    I can confirm something is still broken, don't know if it's just me. Since last reboot Geolocation scanned 1.800.000 IPs and blocked 1.890.000
    LOL

  • Bruce_BriggsBruce_Briggs

    I'm not having that issue on my T20.

Sign In to comment.