Incorrect GeoIP location

L1 Bithead

Hi,
 
It came to my attention that our IP address, 94.23.154.203, according to the Palo Alto geo database appears to be located in the Russian Federation, whereas RIPE and ARIN, NIC, MaxMind and others correctly state it is a United Kingdom-based IP address.
This is problematic for us, as some of the clients of your firewall solutions block traffic from/to Russia.
 
How and when can we fix this?
Cyber Elite

@pablo77,

You'll need to contact support to actually get this cleared up. 

L1 Bithead

Lovely, but how do I do it without being a PAN customer?

Cyber Elite

@pablo77,

That I'm not sure; the sales contacts may be able to put you in touch with the right team. I know you said your IP address was up-to-date elsewhere, but I'm not getting the same information when I do a whois lookup on other sites. Where ping.eu will report the information as GB, services such as ipaddress.com report your country as RU as well. GeoIP information isn't updated by services all that often, so I'm guessing that this was updated not that long ago and the database that Palo Alto pulls from simply hasn't been updated yet.

 

L1 Bithead

This misconfiguration is a recent discovery for us; however, this IP address has been with us for 18 months now. I am contacting all affected GeoIP vendors to have this corrected.

It puzzles me why this discrepancy exists and a few providers never decided to use the most recent data.

 

I called sales and I was given urlfiltering paloaltonetworks com.

I have submitted my request there, but it does not look like a dedicated GeoIP page like other vendors provide.

L4 Transporter

 

Hi @pablo77 ,

 

Couple of pointers:

 

 

HTH.

 

Regards,

Anurag

================================================================
ACE 7.0, 8.0, PCNSE 7
L1 Bithead

  • The link urlfiltering.paloaltonetworks.com is for URLs and will not help in sorting out wrong Geolocations.

1. I assumed so

  • The pre-defined regions database that Palo Alto Networks uses is the one defined by the ...

2. Great, my data is correct there

  • You could try updating the content version (Apps+Threats) because that's how they are updated in the PA.

3. I am NOT a customer of Palo Alto Networks.

4. I am a web hoster whose clients complain that they cannot reach our websites.

 

The identified reason is: a Palo Alto Networks firewall solution used by one of the companies/networks is configured to block traffic to/from the Russian Federation.

The above company informed us about the fact that IP->Country provided by PAN claims our IP address is classified as Russian.

Quote from the company explaining it :

"Our firewall automatically drops traffic from Russia, China & the Middle East for security reasons.

...

Please could you suggest they visit the Palo Alto support site: https://live.paloaltonetworks.com/t5/custom/page/page-id/Support

They should be able to raise a support ticket and get it sorted there.

"

 

In a more graphical way:

 

Website User  Some 3rd party company net that uses Your Firewall...  Our IP address → Our Web Server

                                  ... blocking Russian IP addresses

                                 

                             GeoIP database from Palo Alto Network...

                                  ... that states that U.K. IP address: 94.23.154.203 is in Russia

 

  • Verify it's correctly updated in IANA. If it's not showing correctly there, PA will not read any different.

See p2

 

See p3

Cyber Elite

@pablo77,

Even with the most recent dynamic updates your IP is still listed as RU on a PA device without making a custom region listing. 

 

I would guess however that this is a tad bit more widespread than Palo Alto. While most sites are reporting your IP correctly a fair amount do still list the IP within Russia for whatever reason. 

Community Team Member

Just an FYI to those interested. 

I have opened up a case with the Palo Alto Networks group that handles all GEO-IP change requests.

It is in progress and should be changed soon.

Stay Secure,
Joe
End of line