How to locate the IP address range mapping to country/Region

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to locate the IP address range mapping to country/Region

L0 Member

Where can you locate the IP address ranges for the Country/Regions.  I am adding in a block rule for specific regions, but I need to know the IP address ranges that this uses in order for uses with some identity blocking.

6 REPLIES 6

L5 Sessionator

I'm not sure you can view the full list of IP to country mapping.

You can query an address and get the mapped location:

fw> show location ip 8.8.8.8

8.8.8.8
United States

 

You can use a directory like Nirsoft to view the geoblocks then run the CLI to verify the PA has associated it to the expected country.

https://www.nirsoft.net/countryip/

Cyber Elite
Cyber Elite

@AdrianBuck1,

GeoIP databases are generally paid services. The free services that you'll find are usually only looking at registry data and won't be as accurate as  paid services like IP2Location or MaxMind. If I were you, I would use MaxMind's free Geo2Lite if you were looking for a free option to get as accurate as possible.

If you're willing to spend a bit of money, MaxMind and IP2Location will sell you their database access for a minimal one-time fee. I think IP2Location is like $50 and MaxMind's one-time cost like $25 or there about. That provides as accurate data as you can get that are utilized across the industry. 

L5 Sessionator

IP blocks were allocated to regional registries which then allocate them to local providers. The assigned blocks are not contiguous. Australia is in the APNIC region so they would be allocated from APNIC controlled address space. 

Ummm... "Lakin985" appears to be a new bot account to post spam... The "reply" is a direct copy of a StackOverflow post 9 years ago. I'm betting in the next day or two the account will edit the post to include a spam link in the quoted content.

L2 Linker

I want to block all countries except my own country. How to do it in a simple and short way?

Cyber Elite
Cyber Elite

@Fagani,

Only specify your own country in any exposed security rulebase rules that you have, or alternatively only allow access to external resources within your own country if you wish to block access to things hosted externally as well. 

You could do this for every entry that you create in your rulebase, or you could alternatively make a "blocklist" sort of entry at the very top of your rulebase. Set everything from untrust or whatever you call your external security zone, and then simply negate your country from the rule. This will drop everything cleanly under one rule entry. 

  • 8131 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!