Technical Tip: How to override Geo-IP database
Description
This article describes how to override FortiGate's Geo-IP address database.
By default, FortiGate's Geo-IP address database shows and uses the physical location of an IP address. In some cases, however, an IP address is physically configured on a device in one country while the address itself is registered to a different country. The Geo-IP database can be overridden with the commands outlined below.
Note: If VDOMs are enabled on the FortiGate, the ipgeo override feature is configured from the 'global' VDOM:
config vdom
    edit global
        config system geoip-override
            edit "United States"
                config ip-range
                    edit 1
                        set start-ip 173.243.138.81
                        set end-ip 173.243.138.81
                    next
                end
            next
        end
Note: If VDOMs are not enabled on the FortiGate, there is no need to specify the VDOM when entering the ipgeo override commands:
config system geoip-override
    edit "United States"
        config ip-range
            edit 1
                set start-ip 173.243.138.81
                set end-ip 173.243.138.81
            next
        end
    next
end
To confirm that the above configuration was successful, use any of the commands below:
Note: If VDOMs are enabled on the FortiGate, the 'diagnose firewall ipgeo override' command must be run from the 'global' VDOM, but all others can be run from any VDOM:
diagnose firewall ipgeo override
Location: USA, code: A0 (ip-ranges 0) (ip6-ranges 0)
Location: United States, code: A1 (ip-ranges 1) (ip6-ranges 0)
ip-range 1: 173.243.138.81 - 173.243.138.81
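To check whether a specific address is covered by an override, the saved command output can be parsed offline. The Python below is an added example, not Fortinet code: the function names are hypothetical, it assumes each ip-range line belongs to the Location line above it (as in the sample output), and it handles IPv4 ranges only.

```python
import ipaddress
import re

# Sample copied from the article's 'diagnose firewall ipgeo override' output.
SAMPLE_OUTPUT = """\
Location: USA, code: A0 (ip-ranges 0) (ip6-ranges 0)
Location: United States, code: A1 (ip-ranges 1) (ip6-ranges 0)
ip-range 1: 173.243.138.81 - 173.243.138.81
"""

# Patterns are derived from the sample lines above (assumption: format is stable).
LOCATION_RE = re.compile(
    r"^Location:\s*(?P<name>.+?),\s*code:\s*(?P<code>\S+)\s*\(ip-ranges\s+(?P<count>\d+)\)")
RANGE_RE = re.compile(r"^ip-range\s+\d+:\s*(?P<start>\S+)\s*-\s*(?P<end>\S+)")

def parse_overrides(text):
    """Return one dict per Location line: name, code, declared count, parsed ranges."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = LOCATION_RE.match(line)
        if m:
            entries.append({"name": m["name"], "code": m["code"],
                            "declared": int(m["count"]), "ranges": []})
            continue
        m = RANGE_RE.match(line)
        if m and entries:
            start = ipaddress.IPv4Address(m["start"])
            end = ipaddress.IPv4Address(m["end"])
            if start > end:
                raise ValueError(f"inverted range: {line}")
            # Attach the range to the most recent Location entry.
            entries[-1]["ranges"].append((start, end))
    return entries

def lookup(entries, ip):
    """Return the names of every override entry whose ranges contain ip."""
    addr = ipaddress.IPv4Address(ip)
    return [e["name"] for e in entries
            if any(start <= addr <= end for start, end in e["ranges"])]

def count_mismatches(entries):
    """Return names whose parsed range count differs from the '(ip-ranges N)' field."""
    return [e["name"] for e in entries if e["declared"] != len(e["ranges"])]

if __name__ == "__main__":
    parsed = parse_overrides(SAMPLE_OUTPUT)
    print(lookup(parsed, "173.243.138.81"), count_mismatches(parsed))
```

An address returned under more than one location name, or a non-empty mismatch list, points to an overlapping or incomplete override that should be reviewed before relying on geography-based policies.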