PAN-OS reporting incorrect geolocation of IP address

Created On 04/30/20 22:33 PM - Last Modified 05/13/20 13:53 PM


Symptom
PAN-OS reporting incorrect geolocation of IP address 

Environment
PAN-OS

Cause
It is normal for IP addresses and address spaces to change frequently.

Resolution
Validate the issue in PAN-OS by: 
  1. Ensuring you are running the latest content update as this is the database PAN-OS leverages for the latest geolocation information.  
  2. Running > show location ip <ip_address> in the CLI 

This will indicate what PAN-OS has in its records for the given IP address and its geolocation.  

Provide supporting evidence of a discrepancy using common IP address lookup information such as:

  • whois
  • traceroute
  • ping
  • asn
  • reverse dns
  • nslookup 
  • dig 
  • viewing a web page's certificate

A TAC case will need to be opened so that Palo Alto Networks can correct the entry and implement the fix in a future content update. For immediate remediation, you can create a custom region in the PAN-OS UI under Objects -> Regions.

Free supporting resources include: 

A combination of these results provides a lot of confidence and insight into where an IP address is being served out from.


Additional Information
With CDNs and cloud providers, it is important to make the distinction that the geolocation of an IP address is based on the location the IP address is served from. For example, AWS is hosted by Amazon, with their HQ in Washington, U.S., but one of their data centers may be in APAC or EU. Therefore, it is important to verify where the IP address is being served out of, as this determines its geolocation.
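The following is an added example, not Palo Alto Networks code: a Python sketch that combines two of the evidence sources listed above (whois and reverse DNS) and compares them with the country PAN-OS reports, showing how whois can agree with PAN-OS while the serving location differs. The sample whois text, PTR name, region table and the operator-supplied PAN-OS country code are all assumptions constructed for illustration.

```python
import re

# Assumption: a small illustrative subset of AWS region codes and their countries.
AWS_REGION_COUNTRY = {"ap-southeast-1": "SG", "eu-west-1": "IE", "eu-central-1": "DE"}

# Constructed sample data (documentation address range, not real lookups).
SAMPLE_IP = "203.0.113.10"
SAMPLE_WHOIS = """\
NetRange:       203.0.113.0 - 203.0.113.255
OrgName:        Example Cloud Provider, Inc.
Country:        US
"""
SAMPLE_PTR = "ec2-203-0-113-10.ap-southeast-1.compute.amazonaws.com."


def whois_countries(whois_text):
    """Return distinct country codes from 'country:' lines (ARIN or RIPE style)."""
    found = re.findall(r"(?im)^\s*country:\s*([A-Za-z]{2})\s*$", whois_text)
    return sorted({c.upper() for c in found})


def ptr_region_country(ptr_name):
    """Map a PTR name of the form <host>.<region>.compute.amazonaws.com to a country."""
    m = re.search(r"\.([a-z]{2}-[a-z]+-\d)\.compute\.amazonaws\.com\.?$", ptr_name.lower())
    return AWS_REGION_COUNTRY.get(m.group(1)) if m else None


def summarize(ip, panos_country, whois_text, ptr_name):
    """Compare the country PAN-OS reports with registration and serving evidence."""
    registered = whois_countries(whois_text)
    served = ptr_region_country(ptr_name)
    return {
        "ip": ip,
        "panos": panos_country,            # entered by the operator from the CLI output
        "whois_registered": registered,    # where the address block is registered
        "ptr_served_from": served,         # where the address appears to be served from
        "whois_agrees": panos_country in registered,
        "discrepancy": served is not None and served != panos_country,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_IP, "US", SAMPLE_WHOIS, SAMPLE_PTR).items():
        print(f"{key}: {value}")
```

In the sample, whois agrees with PAN-OS (US) while the reverse DNS name points to a Singapore region, which is the kind of combined evidence worth attaching to the TAC case.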
