- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
03-08-2022 07:21 AM
Where can you locate the IP address ranges for the Country/Regions. I am adding in a block rule for specific regions, but I need to know the IP address ranges that this uses in order for uses with some identity blocking.
03-08-2022 09:08 AM
I'm not sure you can view the full list of IP to country mapping.
You can query an address and get the mapped location:
fw> show location ip 8.8.8.8
8.8.8.8
United States
You can use a directory like Nirsoft to view the geoblocks then run the CLI to verify the PA has associated it to the expected country.
03-08-2022 07:53 PM
GeoIP databases are generally paid services. The free services that you'll find are usually only looking at registry data and won't be as accurate as paid services like IP2Location or MaxMind. If I were you, I would use MaxMind's free Geo2Lite if you were looking for a free option to get as accurate as possible.
If you're willing to spend a bit of money, MaxMind and IP2Location will sell you their database access for a minimal one-time fee. I think IP2Location is like $50 and MaxMind's one-time cost like $25 or there about. That provides as accurate data as you can get that are utilized across the industry.
03-09-2022 10:42 AM
IP blocks were allocated to regional registries which then allocate them to local providers. The assigned blocks are not contiguous. Australia is in the APNIC region so they would be allocated from APNIC controlled address space.
03-09-2022 11:17 AM
Ummm... "Lakin985" appears to be a new bot account to post spam... The "reply" is a direct copy of a StackOverflow post 9 years ago. I'm betting in the next day or two the account will edit the post to include a spam link in the quoted content.
03-16-2022 06:27 AM
Only specify your own country in any exposed security rulebase rules that you have, or alternatively only allow access to external resources within your own country if you wish to block access to things hosted externally as well.
You could do this for every entry that you create in your rulebase, or you could alternatively make a "blocklist" sort of entry at the very top of your rulebase. Set everything from untrust or whatever you call your external security zone, and then simply negate your country from the rule. This will drop everything cleanly under one rule entry.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!