How to resolve mismatch of country-IP mapping?

How to resolve mismatch of country-IP mapping?

31376
Created On 10/08/19 20:39 PM - Last Modified 01/03/24 12:47 PM


Objective


Sometimes country ip mapping on Firewall does not match the actual GeoLocation of the IP Address. The article explains how to correct the same.

Environment


  • Any PAN-OS.
  • Any Panorama.

Procedure


  1. Make sure device is updated with the last content version.
  2. Run show location ip  <ip address>  command to check the Geolocation indicated by the firewall. Example below. 
    >show location ip 91.214.5.149 

91.214.5.149 
United Kingdom
  3. Check the actual Geolocation of the IP address using external websites. Some listed below. 
    https://www.iplocation.net
https://www.countryipblocks.net
  4. If the result of external website and the result on the Firewall do not match, Content version needs to be fixed. Create the support TAC case for fixing the problem. 
  5. As a work around till the content version is fixed,  create a custom region with the correct location. From the Web GUI: Objects Tab > Regions:
image.png
                      image.png
 

Additional Information


IP-to-country-mapping is updated in weekly content loads. PAN-OS performs IP Address Region (Country) Mapping through an internal database which is updated weekly via content updates.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PMt6CAG&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language