IP Geo location issues Apps & Threats update v8559-7361?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

IP Geo location issues Apps & Threats update v8559-7361?

L1 Bithead

Hi,

 

Since we have installed Apps & Threats update v8559-7361 we see that multiple ip address spaces are incorrect categorized.
Before the upgrade those ip address spaces where categorized as US and after the upgrade categorized as CN (China)

Is it possible that the latest updates has changed some IP geolocations or is it a bug?

 

A short list of ip addresses that are categorized as CN (china)

13.107.213.45
13.107.213.52
13.107.213.67
13.107.246.1
13.107.246.11
13.107.246.2
13.107.246.45
13.107.246.52
13.107.246.67

 

 

example

user@ssc-fwpa-ph-1(active)> show location
> ip By IP address

user@ssc-fwpa-ph-1(active)> show location ip 13.107.213.67

13.107.213.67
China

 

Knipsel.PNG

 

With kind regards,

Patrick

1 accepted solution

Accepted Solutions

L0 Member

Update: https://live.paloaltonetworks.com/t5/customer-resources/ip-geolocation-issues-with-the-applications-...

CyberSec First Responder | GCFE | CCNA Cyber Ops | CVA | CICP | MCITP | MCSE | Google CA | A+

View solution in original post

10 REPLIES 10

L6 Presenter

Hmm... odd. Yeah seeing the same 8559-7361. The following seem to be marked as China, but above and below are marked as US.

13.107.213.0/26

13.107.213.64/30

13.107.246.0/26

13.107.246.64/30

 

There are also some other oddities, 13.107.220.0/26 and 13.17.220.64/30 are marked as Brazil. 13.17.221.64/26 and 13.107.221.128/25 are marked Canada. There may be others.

L0 Member

I am seeing the same.  Citrix put out a support article, "Palo Alto Threat Version 8559-7361 erroneously identifed the 13.0.0.0/8 network as a China location".  I don't see any notice from Palo Alto yet.

source:  Cloud CVAD - All machines are not registering and machines are in Unregistered state due to Palo Alt...

L1 Bithead

I opened a case before seeing this post.. but we ran into the issue this morning of lots of MS365 auth issued due to China being blocked. If anyone hears any updates let us know!

L0 Member

Had to revert to prior content we are waiting to her back from support now.

Would you like to inform us if you have an update in the case?

L0 Member

Update: https://live.paloaltonetworks.com/t5/customer-resources/ip-geolocation-issues-with-the-applications-...

CyberSec First Responder | GCFE | CCNA Cyber Ops | CVA | CICP | MCITP | MCSE | Google CA | A+

L0 Member

I am seeing the issue on a US IP location - IP range 8.42.246.0/24 as Portugal.

Any one else seeing this?  I have an open ticket - looks like it has been going on since 4/7/2022.

 

8.42.246.2
Portugal

@ChrisWietharn Yes, I see the same here.

CyberSec First Responder | GCFE | CCNA Cyber Ops | CVA | CICP | MCITP | MCSE | Google CA | A+

L0 Member

I have an open Case with Palo - they are reviewing currently.  Thank you for your response!!

L0 Member

Ensure that the most recent content version is installed on the device. To verify the Geolocation provided by the firewall, issue the display location ip command using the IP address.

  • 1 accepted solution
  • 6216 Views
  • 10 replies
  • 2 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!