Are you testing from the XXX.XXX.XXX.XXX/32 address? From the description of your issue, it is not clear what you mean by global IP address, is that an HTTP(S) Load Balancer global IP address? Or did you mean a public IP address?
Also, when you say set IP ranges, are you referring to the network or the source ranges? If it is the network, the IP address/range that should be configured there is the cockpit's public IP; if you are referring to the source range, then that should be the public IP address of the client testing.
Please take a look at how to Configure firewall rules for common use cases.