How to resolve mismatch of country-IP mapping? - Knowledge Base - Palo Alto Networks

How to resolve mismatch of country-IP mapping?

40552

Created On 10/08/19 20:39 PM - Last Modified 01/03/24 12:47 PM

Objects

Content Release

PAN-OS

Panorama

Objective

Sometimes country ip mapping on Firewall does not match the actual GeoLocation of the IP Address. The article explains how to correct the same.

Environment

Any PAN-OS.
Any Panorama.

Procedure

Make sure device is updated with the last content version.
Run show location ip <ip address> command to check the Geolocation indicated by the firewall. Example below.
```
>show location ip 91.214.5.149 

91.214.5.149 
United Kingdom
```
Check the actual Geolocation of the IP address using external websites. Some listed below.
```
https://www.iplocation.net
https://www.countryipblocks.net
```
If the result of external website and the result on the Firewall do not match, Content version needs to be fixed. Create the support TAC case for fixing the problem.
As a work around till the content version is fixed, create a custom region with the correct location. From the Web GUI: Objects Tab > Regions:

Additional Information

IP-to-country-mapping is updated in weekly content loads. PAN-OS performs IP Address Region (Country) Mapping through an internal database which is updated weekly via content updates.

Other users also viewed:

How to download GlobalProtect from the Customer Support Portal

Download and Install the GlobalProtect App for Windows

Resource List: GlobalProtect Configuring and Troubleshooting

PAN-OS Software Updates

Where to find the current preferred software versions? (PAN-OS, GlobalProtect, User-ID Agent, Plugins)