IP Geolocation issues with the Applications and Threats package 8559-7361
13900
Created On 04/20/22 20:43 PM - Last Modified 04/24/24 09:39 AM
Symptom
PAN-OS presently reports incorrect geolocation of the IP networks served out of the USA and owned by Microsoft Azure as other countries in Content version (8559)
Environment
- Any Palo Alto Firewall or Panorama.
- Content version 8559
Cause
- Trying to check the GeoLocation for IP addresses report incorrect regions.
- One of our sources of Threat Intelligence appears to have triggered these false positives.
- Geolocation of IP addresses from the following ranges is identified incorrectly with the installed Applications and Threats package 8559-7361:
13.107.208.0/24
13.107.213.0/24
13.107.219.0/24
13.107.224.0/24
13.107.226.0/23
13.107.228.0/23
13.107.231.0/24
13.107.234.0/23
13.107.246.0/24
13.107.253.0/24
35.239.29.80
52.113.194.132
104.17.25.14
104.17.24.14
104.16.184.248
104.16.185.248
168.63.129.16
172.217.168.196
192.0.63.252
204.141.32.0/24
208.67.220.220
208.67.222.222
208.109.41.245
209.208.244.94
- CLI Example:
> show location ip 13.107.246.11
13.107.246.11
China
> show location ip 198.74.81.13
198.74.81.13
India
Resolution
- Applications and Threats package 8559-7361 was pulled out from our content updates.
- If you have already installed 8559-7361, Install the new version of the Applications and Threats package (8560) to fix the issue.
Additional Information
PAN-OS has the capability to create a custom region through the PAN-OS UI -> Objects -> Regions for customers to create custom regions as a workaround to mitigate such issues.