Incorrect GeoIP location

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Incorrect GeoIP location

L1 Bithead
Hi,
 
It came to my attention that our IP address: 94.23.154.203 according to paloalto geo database appears as it is located in Russian Federation, whereas RIPE and ARIN, NIC, maxmind and others state correctly it is a United Kingdom based IP address.
This is problematic for us, as some of the clients of your firewall solutions block traffic from/to Russia.
 
How and when can we fix this ?
8 REPLIES 8

Cyber Elite
Cyber Elite

@pablo77,

You'll need to contact support to actually get this cleared up. 

Lovely, but how do I do it without being PAN customer ?

@pablo77,

That I'm not sure, the sales contacts may be able to put you in touch with the right team. I know you said your IP address was up-to-date elsewhere but I'm not getting the same information when I do a whois lookup on other sites. Where ping.eu will report the informaiton as GB services such as ipaddress.com report your country as RU as well. GeoIP information isn't updated by services all that often, so I'm guessing that this was updated not that long ago and the database that Palo Alto pulls from simply hasn't been updated yet. 

 

This misconfiguration is a recent discovery for us, however, this IP address has been with us for 18 months now. I am contacting all affected GoIP vendors to have this corrected.

It puzzles me why this discrepancy exists and a few providers never decided to use most recent data.

 

I called sales and I was given urlfiltering paloaltonetworks com.

I have submitted my request there, but it does not look like a dedicated GeoIP page like other vendors provide.

L4 Transporter

 

Hi @pablo77 ,

 

Couple of pointers:

 

 

HTH.

 

Regards,

Anurag

================================================================
ACE 7.0, 8.0, PCNSE 7

  • The link urlfiltering.paloaltonetworks.com is for URLs and will not help in sorting out wrong Geolocations.

1. I assumed so

  • The pre-defined regions database that Palo Alto Networks uses is the one defined by the ...

2. Great, my data is correct there

  • You could try updating the content version (Apps+Threats) because that's how they are updated in the PA.

3. I am NOT the customer of Paloalto networks.

4. I am a web hoster whos clients complain that they cannot reach our websites.

 

The identified reason is: palo alto network firewall solution used by one of the companies/networks is configured to block traffic to/from Russian Federation.

Above company informaed us about the fact that IP->Country provided by PAN claims our ip address is classified as russian.

Quote from the company explaining it :

"Our firewall automatically drops traffic from Russia, china & the middle east for security reasons.

...

Please could you suggest they visit the Palo Alto support site: https://live.paloaltonetworks.com/t5/custom/page/page-id/Support

They should be able to raise a support ticket and get it sorted there.

"

 

In a more graphical way:

 

Website User  Some 3RD party comapny net that uses Your Firewall...  Our IP address → Our Web Server

                                  ... blocking Russian IP addresses

                                 

                             GeoIP database from Palo Alto Network...

                                  ... that states that U.K. IP address: 94.23.154.203 is in Russia

 

  • Verify it's correctly updated in IANA. If it's not showing correctly there, PA will not read any different.

See p2

 

See p3

@pablo77,

Even with the most recent dynamic updates your IP is still listed as RU on a PA device without making a custom region listing. 

 

I would guess however that this is a tad bit more widespread than Palo Alto. While most sites are reporting your IP correctly a fair amount do still list the IP within Russia for whatever reason. 

Just an FYI to those interested. 

I have opened up a case with Palo Alto Networks group that handles all GEO-IP change requests. 

It is in progress and should be changed soon.

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!
  • 6380 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!