FortiGate
CarlosColombini
Article Id 240811
Description

 

This article describes the behavior of the Geography IP (GeoIP) Database version after a firmware update.

 

Scope

 

FortiGate 6.0.4+, 6.2.0+, 6.4.0+, 7.0.0+, 7.2.0+.

 

Solution

 

Starting with FortiOS version 6.0.4, the GeoIP Database is included in the system firmware image to prevent incompatibility issues between an older GeoIP Database and newer system firmware.

 

This database version may be out of date right after a firmware upgrade process but will be updated in the next scheduled signature update.

 

Note:
The same behavior applies to a firmware downgrade.

Depending on the auto-update schedule settings, the FortiGate may drop traffic controlled by GeoIP objects until this database version is updated, if the IP does not match the country listed in the older database.

 

In the example below, FortiGate was running firmware version 7.0.8 and GeoIP database version 3.00155.

 

# get sys auto-update versions | grep -iA6 geo
IP Geography DB
---------
Version: 3.00155
Contract Expiry Date: n/a
Last Updated using manual update on Tue Dec 20 14:04:39 2022
Last Update Attempt: Tue Dec 20 14:04:39 2022
Result: Updates Installed


With this database version, IP 45.136.240.22 is listed as the country United States (US).

# sudo root diagnose firewall ipgeo ip2country 45.136.240.22
45.136.240.22 is in country: US, registered country is US, is not anycast ip.

 

# di geoip ip2country 45.136.240.22
45.136.240.22 - United States, is not anycast ip

 

This FortiGate was then upgraded to firmware version 7.0.9, where the GeoIP DB version loaded in the firmware image is 3.00041. 

# get sys auto-update versions | grep -iA6 geo
IP Geography DB
---------
Version: 3.00041
Contract Expiry Date: n/a
Last Updated using manual update on Wed Oct 16 21:05:00 2019
Last Update Attempt: Tue Dec 20 13:48:33 2022
Result: No Updates


# sudo root diagnose firewall ipgeo ip2country 45.136.240.22
45.136.240.22 is in country: IL, registered country is IL, is not anycast IP.

 

The solution is to trigger an update of the database definitions. This can be done from the GUI or the CLI.

From the GUI, go to System -> FortiGuard and select 'Update Licenses & Definitions Now'.

 


 

From the CLI, run the following command:

 

# execute update-geo-ip

 

To have the GeoIP database updated right after a firmware upgrade, an auto-script can be configured from the CLI as shown below:

 

# config system auto-script
    edit "geoIP-update"
        set start auto
        set script "execute update-geo-ip"
    next
end
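
The following post-upgrade check is an added example, not part of the original article or Fortinet tooling. It parses the two 'get sys auto-update versions' captures shown above and reports whether the GeoIP database version went backwards or is stale. The function names and the 30-day threshold are assumptions.

```python
import re
from datetime import datetime

# Captures of "get sys auto-update versions | grep -iA6 geo" copied from the
# article: before (7.0.8) and after (7.0.9) the firmware upgrade.
BEFORE = """IP Geography DB
---------
Version: 3.00155
Contract Expiry Date: n/a
Last Updated using manual update on Tue Dec 20 14:04:39 2022
Last Update Attempt: Tue Dec 20 14:04:39 2022
Result: Updates Installed
"""
AFTER = """IP Geography DB
---------
Version: 3.00041
Contract Expiry Date: n/a
Last Updated using manual update on Wed Oct 16 21:05:00 2019
Last Update Attempt: Tue Dec 20 13:48:33 2022
Result: No Updates
"""
STAMP = "%a %b %d %H:%M:%S %Y"

def parse_geoip(text):
    """Return version tuple, last-updated time and last-attempt time."""
    block = text[text.index("IP Geography DB"):]  # ValueError if section missing
    ver = re.search(r"^Version:\s*(\d+)\.(\d+)\s*$", block, re.M)
    upd = re.search(r"^Last Updated using .*? on (.+?)\s*$", block, re.M)
    att = re.search(r"^Last Update Attempt:\s*(.+?)\s*$", block, re.M)
    if not (ver and upd and att):
        raise ValueError("incomplete IP Geography DB section")
    return {
        "version": (int(ver.group(1)), int(ver.group(2))),
        "updated": datetime.strptime(upd.group(1), STAMP),
        "attempt": datetime.strptime(att.group(1), STAMP),
    }

def post_upgrade_findings(before, after, max_age_days=30):
    """List reasons to run 'execute update-geo-ip' after an upgrade."""
    old, new = parse_geoip(before), parse_geoip(after)
    findings = []
    if new["version"] < old["version"]:
        findings.append("version regressed")
    # max_age_days is an assumed threshold, not a Fortinet value.
    if (new["attempt"] - new["updated"]).days > max_age_days:
        findings.append("database stale")
    return findings

if __name__ == "__main__":
    print(post_upgrade_findings(BEFORE, AFTER))
```

A non-empty result means GeoIP-based policies may be matching against older country data until the update is triggered.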

 

Related Article:

Troubleshooting Tip: GeoIP database not up-to-date