Safe Access Many Safe Access blocks


When I said localised in USA, I meant that clients based in USA, i.e. are you all that are experiencing this based in the USA?

It appears to be a legit DigiCert site.
I had multiple devices reaching out to this out of the blue as well.
The URLs for TLS OCSP and CRL here, for me in UK, resolve to 192.229.221.95. Maybe they resolve to 192.229.211.108 for you?

However, this does seem to be either a false positive or there is a real reason for it. Could there be other services accessed through this edge IP address? Could one of them be the trigger for flagging malware?
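Added example, not part of the original posts: a small triage helper for the question raised above, namely whether the blocked address is what the OCSP/CRL hostnames resolve to from the affected network. The hostnames, the block events and the two resolver views are assumptions constructed from the addresses quoted in this thread; `triage`, `dns_lookup` and `run_demo` are illustrative names.

```python
import socket
from collections import defaultdict

# Assumed hostnames (not listed in the thread): take the real ones from the
# OCSP and CRL URLs inside the certificates your devices validate.
REVOCATION_HOSTS = ["ocsp.digicert.com", "crl3.digicert.com"]

def dns_lookup(host):
    """IPv4 addresses the local resolver returns for host (empty set on failure)."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(host, 80, socket.AF_INET)}
    except socket.gaierror:
        return set()

def triage(events, hosts=REVOCATION_HOSTS, lookup=dns_lookup):
    """Group block events by destination IP and note which revocation
    hostnames resolve to that IP from this vantage point.
    events: iterable of (device, dst_ip) pairs from the block notifications."""
    ip_to_hosts = defaultdict(set)
    for host in hosts:
        for ip in lookup(host):
            ip_to_hosts[ip].add(host)
    devices = defaultdict(set)
    for device, dst_ip in events:
        devices[dst_ip].add(device)
    return {
        ip: {"devices": sorted(devs), "matches": sorted(ip_to_hosts.get(ip, ()))}
        for ip, devs in devices.items()
    }

# Constructed sample data: block events and two resolver views modelled on the
# addresses quoted in the thread (UK answer vs. the address blocked in the USA).
EVENTS = [("iPhone", "192.229.211.108"), ("iPad", "192.229.211.108"),
          ("Win11-VM", "192.229.211.108"), ("iPhone", "192.229.211.108")]
US_VIEW = {h: {"192.229.211.108"} for h in REVOCATION_HOSTS}
UK_VIEW = {h: {"192.229.221.95"} for h in REVOCATION_HOSTS}

def run_demo():
    """Same events, two vantage points: only the US view explains the blocks."""
    us = triage(EVENTS, lookup=lambda h: US_VIEW.get(h, set()))
    uk = triage(EVENTS, lookup=lambda h: UK_VIEW.get(h, set()))
    return us, uk

if __name__ == "__main__":
    for view in run_demo():
        print(view)
```

Run the lookup from the network that raised the alerts, since the answer depends on where the resolver sits. A match shows only that the address serves those hostnames from that vantage point; a shared edge IP can front other services as well.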
 
I'm based in USA
 
Since early this morning. Woke up to multiple emails about 192.229.211[.]108 being blocked on iPhone and iPad by Safe Access. Emails started at 2:30A while everyone asleep.

iPad is rarely used, except for Zoom meetings.

Searching that IP brought up multiple posts from others discussing this IP last year, with some indicating it’s a false positive.

Anyone else, or just me?

Western NC in USA

I just got this starting yesterday.

It comes from all kinds of devices in my network: iPads, Samsung TVs, and Windows Computers.

Interestingly, that IP was blocked coming from a clean VMware Workstation VM, Windows 11 OS, as soon as it booted up.
 
The frequency of these messages/events seems to be slowing down, however they're still present. Interestingly, it seems to be limited to only Apple devices on my network (specifically, iPhones, iPads, Apple TVs, HomePods, and MacBooks are implicated in the logs - whether or not they are being actively used or in 'standby'), I don't see any other brand of device in my 450+ events involving 192.229.211.108 that were logged this morning alone.

I see other users mentioned Ring and Windows systems... interesting! I have a mix of other devices on my network too, but they're not included in these logs.
Same for me - it's Apple devices.
 
Things have quieted down here. Apple phones, iPad, Windows 7 & 10 computers, multiple Samsung TVs.
Surprising: Yamaha 5.1 Receiver (RX-V479), DTV “Genie”, and 4K & 2K Rokus were on, had internet access, but were not involved in this. ??

4:40PM EST: Things still quiet here, about 2.5 hours after things quieted down — magically, on their own!!
I’m going to assume someone contacted someone, who Fixed Something…. and go back to my project at hand…. Which has nothing to do with what we encountered today!!!

This started at ~3:30AM EST, this morning, when I was awakened by multiple emails!

Thanks — Someone!
 
Hi Jan, this IP is nothing to be alarmed about and the IP can be whitelisted. It is a new IP for DigiCert certificate authority (CA) to validate SSL certificates for any web browser or other encrypted information. DigiCert is a trusted global certificate signature authority. You can find more information on their knowledge base post here: New Dedicated IP Addresses

Hope this helps everyone.
 
Thanks! At 3:30AM, Waking up to multiple emails out of the blue…… it’s hard to properly make sense out of that, but it’s good to know this info after the fact!
 
I'm in NY, 8.10pm, EST. Same issue. Mine started 1/31 around 10.30am. Almost every device. It appears to be affecting Apple devices but not Amazon KFs. SA is grabbing it but TP, nothing.

So, this is related to DigiCert?
 
I have been getting these alerts all day from my Apple devices - iPhones, MacBook - but not from the PC or Chromebooks in the house.

mp/m
As a follow-up, I stopped getting the alerts at 9:48 pm CT US.

Whether it's related or not, my kid's Chromebooks from their school were not able to get out to the Internet and were getting blocked by Fortinet, which is something that intercepts Web sites they are not supposed to visit. An odd coincidence.

mp/m
 
I put two rules in my Syno FW. 1 outbound and 1 inbound for that IP. The outbound is the one that gets hits regularly not the inbound. I also noted the System rule to SRM for Web Services gets hit much more regularly - 460 hits over the last 24 hours.
As someone said-- it seems to be related to my Apple devices.
I also put in a ticket with SYNO and am awaiting a reply.
My emails seem to have stopped, although not sure why. Oh.. I think it's because I whitelisted that IP
I will post as soon as I hear from SYNO.
 
I did an outbound TCP/UDP deny of source IP Range from LAN .1 to .160 to internet at that IP (above that on LAN denied in subsequent rule)
Edit added an inbound one, too
No Hits on either, but suddenly emails stopped!! ?????




A post at Synology site points at FBI.. Oh my! Synology Please say something!

Just saw 3 database updates! Safe Browsing, Threat Prevention, Domain Databases updated... (Hopefully!)
 
Since it affects most of us in one way or another, has anyone created a Synology support ticket? If so, please share the information and their response.

Does this issue affect Synology routers specifically or is this outside in the wild?
 
Hi Jan, this IP is nothing to be alarmed about and the IP can be whitelisted. It is a new IP for DigiCert certificate authority (CA) to validate SSL certificates for any web browser or other encrypted information. DigiCert is a trusted global certificate signature authority. You can find more information on their knowledge base post here: New Dedicated IP Addresses

Hope this helps everyone.
Just to clarify, the new IP affects the clients (Phones, iPads, etc..) but the router recognizes the IP as malicious and therefore blocks it. Is that correct?
 
