FortiGate
Ade_23
Staff
Article Id 347973
Description
This article describes how the GeoIP database is managed by Fortinet and the different ways it can be used by the FortiGate.
Scope
FortiOS 6.4 and above.
Solution

By default, the FortiGate IP geolocation database uses the physical location of an IP address, which may not be the same as the location where its owner registered it. Knowing the actual geographic location of an IP is important in a variety of fields, ranging from location-based services to malware detection.

However, the database also includes registration country data in addition to geographic location data. To use the 'registration' location of an IP range along with, or instead of, its physical location in a firewall policy on a device running FortiOS 6.4+, refer to the documentation for instructions on modifying the policy configuration:

Otherwise, consider setting up an exception policy (manual override) for the specific IP range https://docs.fortinet.com/document/fortigate/7.4.2/administration-guide/286826/geography-based-addre...

  • Make sure to check the appropriate guide for the FortiOS version being used.
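
The two options above, sketched as a FortiOS CLI configuration. This is an added example, not taken from the article or from Fortinet documentation: object names, policy IDs, interface names, the 203.0.113.0/24 range and the "A0" country code are assumptions, and the syntax should be checked against the guide for the FortiOS version in use.

```fortios
# Constructed example: names, IDs, interfaces and IP range are assumptions.
# 1) Manual override: pin one IP range to a custom GeoIP entry.
config system geoip-override
    edit "partner-range"
        config ip-range
            edit 1
                set start-ip 203.0.113.0
                set end-ip 203.0.113.255
            next
        end
    next
end
# 2) Geography addresses: one real country, one for the override entry.
config firewall address
    edit "geo-CA"
        set type geography
        set country "CA"
    next
    edit "geo-partner-range"
        set type geography
        # Assumed value: use the country-id FortiOS assigned to the override
        # ("show full" under config system geoip-override displays it).
        set country "A0"
    next
end
# 3) Policies: the exception first, then the registered-location match.
config firewall policy
    edit 10
        set name "allow-partner-override"
        set srcintf "wan1"
        set dstintf "dmz"
        set srcaddr "geo-partner-range"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTPS"
    next
    edit 11
        set name "allow-CA-registered"
        set srcintf "wan1"
        set dstintf "dmz"
        set srcaddr "geo-CA"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTPS"
        # Default is physical-location; this matches on the registration country.
        set geoip-match registered-location
    next
end
```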

How the GeoIP information is sourced and updated:

The GeoDB data is proprietary and generated through several measurement methods at different levels, incorporating vendor-based data. Analysis includes techniques like ping tests, BGP routing, reverse DNS lookups, and more. Fortinet also aggregates data from Regional Internet Registries and publicly available IP location announcements from major cloud providers.

The GeoDB is updated weekly, typically around Wednesday or Thursday.