Version Affected: 21.04+
Description:
Dynamic IP Blocking is not reporting the IP Addresses even though you see in the logs that it checks if the IP is blocked.
Cause:
An IP Address is not considered a bad IP if there was never a try to actually log in.
Resolution:
1. Check Datadog to see whether or not any IPs are currently being tracked. Here is a basic Dynamic IP Blocking Search.
2. Narrow it down by adding "Company_ID:" with the Company GUID to the search.
3. Check if the IP Address you are looking for is on here with a "IP:" search as well.
4 Once those are complete, you should be able to determine whether or not the IP is actually being reported to the Dynamic IP Blocking service.
If you do not see a particular IP Address on here but other IP Addresses are showing for the company, that most likely means that the IP Address is being blocked before it can attempt to log in. The Dynamic IP Blocking service only tracks good/bad IP Addresses once an attempt to log in has been made. If they never end up trying to log in because there are other Adaptive Auth rules in-place, for example, then there would be no entry in the Dynamic IP Blocking service.
Special Considerations:
This is just a guide to help you understand how the Dynamic IP Blocking works. If you are having issues with all IP Addresses not being reported or don't think it is related to this knowledge-base article, please contact SecureAuth Support for assistance.
Comments
Please sign in to leave a comment.