Conflict Between GeoFencing and SSL
There was an old discussion thread in November 2019 about a conflict between SSL Certificates and GeoFencing / GeoBlocker. Problem seems to be reoccurring -- in November again. The one twist that seems to be a new factor is that it doesn't happen on all websites.
The sites where we are seeing the problem have a common symptom. The A record for the domain points to an IP address in Tempe, AZ. But if I do a reverse lookup on the IP address, there are two PTR records. One is in Tempe, AZ. The other is in the Netherlands (which we have GeoFenced).
Anyone else seeing this problem again?
Comments
Hi @FR8_Guy
It's not uncommon for sites to do this, particularly high traffic ones that need to load balance across multiple regions. If you're running into a site that is incorrectly listed, I'd suggest making a geolocation exception for it (via FQDN) for now, and create a support case so that it can be fixed.
You can create a support case by clicking the support center link at the top right of this page.
-James Carson
WatchGuard Customer Support
Thank you for the feedback. There is a reason we GeoFence the Netherlands. State-sponsored threat actors have been very busy in that country since Russia invaded Ukraine.
I already did create a geolocation exception via FQDN. That allows me to see the site -- BUT -- with an error for the SSL certificate. If I test from a different rule which doesn't utilize GeoFencing I don't get the same error. It looks to me like the trusted certificate root is also being GeoFenced. I can't determine where that is located, but it must be someplace that is still blocked.