What to check when Geo Location policy is providing incorrect region lookups?

What to check when Geo Location policy is providing incorrect region lookups?

15926
Created On 07/27/19 01:53 AM - Last Modified 09/12/25 08:58 AM


Question


If Geo Location policy is providing incorrect region lookup, what information should be validated?

Environment


  • NGFW
  • Supported PAN-OS
  • Regions configured in security policy

Answer


  1. Verify and update the content version on the firewall to the latest release.
  2. Perform NSLOOKUP on a PC to determine the IP address of suspected URL. In this example we are trying to determine the location of www.google.com.
C:\> nslookup www.google.com
Server:  <omitted>
Address:  <omitted>

Non-authoritative answer:
Name:    www.google.com
Addresses:  2607:f8b0:4005:80b::2004
          172.217.164.100
  1. On the firewall, issue show location ip <IP_Addr>  to check for location.
admin@PA(active)> show location ip 172.217.164.100
172.217.164.100
United States
  1. Look up the location of the same ip by checking any IP lookup websites such as whatismyipaddress.com/ip-lookup and compare the result against the location that shows on the firewall.
Details for 172.217.164.100
IP:	172.217.164.100
<information removed>
Continent:	North America
Country:	United States
  1. If the results differ, then please open a support case to have the issue resolved.

 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PMUkCAO&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language