Custom region not reflecting in "show location ip xxx.xxx.xxx.xxx"

L3 Networker

I have an IP address that is showing up in the wrong region, say AM (Armenia) and should be CN (China).  I have a support case open to get that fixed, but it has been open for over a week so I want to do a workaround.

 

Ideally I could specify to override this IP address to show up in CN.  It seems like this could be done via Objects > Regions > Add > Choose CN from the Region drop down > add the IP address in the list below.  But "show locations ip x.x.x.x" still shows that the IP is considered to be in Armenia.

 

So maybe it has to be a custom region?  I created a region called "Test" and put the IP address in it.  "show locations ip x.x.x.x" still shows that the IP is considered to be in Armenia.

 

Does the "show locations ip" command only consider the built-in regions?

If I test with some actual traffic would it do the correct thing?

 

L6 Presenter

Testing here, it appears that the "show location ip" only queries the PA geolocation database. I have some custom regions defined for CDNs/etc. that get misidentified (or are in a different country but we don't want to allow the entire country) and the custom region is both used in the Security policy and appears as the source/destination region in the Traffic logs.

L3 Networker

Thanks, interesting to hear that result of your testing and I guess that confirms my suspicions.

 

Do you have any thoughts then on whether the override of the built-in regions would work as I described in the "Ideally..." paragraph?

 

L6 Presenter

I don't have it any more, but in 8.1 we were using a custom region rule to rewrite a few IPs into the CN region. Sometime after upgrading to 9.1 I rewrote some Security policies and changed to having my custom regions being unique (i.e. "CDN" for allowed CDNs regardless of geolocation, some custom regions for malware/exploit ranges that are scattered across the world). I assume that adding an IP/range to a predefined region still works the same but I don't have a way to test that easily at the moment.

 

An easy test might be to take something known, say Google DNS 8.8.8.8, and add it to the custom CN region. Commit and then run some ping/DNS tests and look at the logs, see if it now shows as CN instead of US (or India as kept happening to us, now part of our CDN rule).

L3 Networker

I added the IP address to the region as I described in the "Ideally..." paragraph and that worked.  It shows up in the traffic logs as that being the Source Country too, which is nice.

I did not verify that this doesn't wipe out any other addresses that are included in the region out-of-the-box.  That is unlikely I think and we don't have any other traffic coming from that region so it would have been a little harder to test.
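The log check suggested in this thread, run over an exported Traffic log, as an added example that is not from the thread's participants or from Palo Alto Networks. It assumes a CSV export in chronological order with columns named `Source address` and `Source Country` (rename them to match your export); the sample rows, addresses and rule names are constructed, and the second expected entry is a control for a range that already belonged to the region before the override.

```python
import csv
import io
import ipaddress

# Assumed CSV column names; rename to match your Traffic log export.
SRC_COL, REGION_COL = "Source address", "Source Country"

# Constructed sample export (documentation addresses, not real log data).
# The commit adding 203.0.113.10 to CN is taken to happen between rows 2 and 3.
SAMPLE_CSV = """Receive Time,Source address,Source Country,Rule
2024/01/01 10:00:00,203.0.113.10,AM,allow-web
2024/01/01 10:05:00,198.51.100.7,CN,block-cn
2024/01/01 11:00:00,203.0.113.10,CN,block-cn
2024/01/01 11:02:00,198.51.100.7,CN,block-cn
2024/01/01 11:03:00,not-an-ip,CN,block-cn
"""

def latest_regions(rows, expected):
    """Return {ip: (last_logged_region, expected_region)} for watched sources."""
    nets = {ipaddress.ip_network(n, strict=False): r for n, r in expected.items()}
    latest = {}
    for row in rows:  # rows are assumed to be in chronological order
        try:
            addr = ipaddress.ip_address((row.get(SRC_COL) or "").strip())
        except ValueError:
            continue  # skip rows with a missing or malformed source address
        for net, want in nets.items():
            if addr in net:
                latest[str(addr)] = ((row.get(REGION_COL) or "").strip(), want)
                break
    return latest

def mismatches(rows, expected):
    """Watched sources whose most recent log entry is not in the expected region."""
    return {ip: got for ip, (got, want) in latest_regions(rows, expected).items()
            if got != want}

if __name__ == "__main__":
    expected = {"203.0.113.10/32": "CN",   # address added to the CN region
                "198.51.100.0/24": "CN"}   # control: range already in CN
    rows = list(csv.DictReader(io.StringIO(SAMPLE_CSV)))
    print(latest_regions(rows, expected))
    print("mismatches:", mismatches(rows, expected) or "none")
```

The control entry only says something when the export actually contains traffic from that range after the commit; an address with no log rows is simply absent from the result.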

 
