Valid IP Address Ranges Blocked by the Management Gateway Blacklist

Version 3

    Background Information:

     

    The Management Gateway Appliance has a built in firewall.  The firewall is capable of blocking specified IP Addresses or IP Address ranges based on a blacklist that can be created.  Some entries in the blacklist are pre-populated.

     

    Problem:

     

    Some entries in the blacklist exclude valid IP Address ranges, including those commonly used by various cell phone providors' aircards.  Also, some ISPs will assign IP blocks in the blacklisted ranges.  This can result in devices not being able to connect if they are using a blacklisted IP Address, or the Gateway Appliance or Core server can be in blacklisted ranges, which would leave the Gateway Appliance in a virtually unuseable state.

     

    These entries block IP address ranges where the first octet is:

    80-95 or 208-223

     

    For example the IP Address 208.X.X.X would be incorrectly blocked, where X can be any value, but 224.X.X.X would not be blocked.

     

    Resolution:

     

    Remove the following entries from the firewall blacklist -

    81.196.229.0/4

    211.248.38.25/4

    212.38.95.3/4

     

    Image included for visual representation.

    LDMG-Firewall-BAD.JPG