New Member

Solved

Can't create Geography address, country/region field is empty

Forum|Forum|1 year ago
April 18, 2025
3 replies
4648 views

Hi,

I'm using Fortigate-30E running FortiOS v6.2.16 build1392 (GA).

Not sure when it happened, but I can't create geography address anymore. It worked in the past.

As can be seen in the picture, the country/region field is empty with no entries.

Please advise,

Thanks, Ofir

FortiGate

Best answer by ofirbo

Hi,

After I've opened a ticket, I received from Fortinet a custom build (FGT_30E-v6-build5262-FORTINET.out) which solved the problem after upgrading.

AEK

SuperUser

Hello Ofir

Please share the following:

diagnose firewall ipgeo country-list
diagnose geoip ip2country 1.1.1.1
diagnose autoupdate versions | grep -A5 Geo

You may also need to update the GeoIP DB (if you have a valid subscription):

execute update-geo-ip
diagnose autoupdate versions | grep -A5 Geo

Also try create a GeoIP address object via CLI and see if it works:

config firewall address
 edit "geo_US"
  set type geography
  set country "US"
 next
end

Hope it helps.

AEK

ofirboAuthor

New Member

Hi AEK, attached are the requested outputs:

FortiGate-30E # diagnose firewall ipgeo country-list
Total countries loaded:0

FortiGate-30E # diagnose geoip ip2country 1.1.1.1
Invalid IP or IPv6 address

FortiGate-30E # diagnose autoupdate versions | grep -A5 Geo
IP Geography DB
---------
Version: 0.00000
Contract Expiry Date: n/a
Last Updated using manual update on Tue Nov 30 00:00:00 1999
Last Update Attempt: Fri Apr 18 15:29:03 2025

Can't add address object using CLI, getting the same error when trying to set country:

FortiGate-30E # config firewall address

FortiGate-30E (address) # edit "geo_US"
new entry 'geo_US' added

FortiGate-30E (geo_US) # set type geography

FortiGate-30E (geo_US) # set country "US"
Invalid country code: US
node_check_object fail! for country US

value parse error before 'US'
Command fail. Return code -89

I believe I have a valid subscription, but the DB update isn't working...

AEK

SuperUser

Can you show the status of other DBs?

diagnose autoupdate versions

AEK

SuperUser

Hi Ofir

I'm afraid you will need to format the device and reinstall FOS. According to @knaveenkumar 's tech tip this is the solution for this issue.

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Unable-to-Create-the-GEO-block-policy-in-the/ta-p/342567

AEK

SuperUser

But before the above solution, you may try the two below solutions as last resort (use GeoIP v2 instead of GeoIP v3.

https://docs.fortinet.com/document/fortigate/6.2.16/fortios-release-notes/413989

Hope it helps.

AEK

ofirboAuthor

New Member

Hi, sorry for the delay.

Regarding the GeoIP v2 solution, if the fortigate is already with the latest firmware (FortiOS v6.2.16 build1392 (GA)) is this solution irrelevant? I didn't understand from the article what is the exact operation that change the DB from v3 to v2.

Is there a possibility to mount an external USB flash drive to enlarge space and install without formatting the unit to factory default?

Thanks

SoportePK

Visitor III

Same case here. I also I opened a new ticket.

Exacty the same problem

ofirboAuthorAnswer

New Member

Hi,

After I've opened a ticket, I received from Fortinet a custom build (FGT_30E-v6-build5262-FORTINET.out) which solved the problem after upgrading.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded