Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Ade_23
Staff
Staff

Created on ‎10-10-2024 07:04 AM Edited on ‎07-30-2025 04:29 AM By Community Manager

Article Id 347973

Technical Tip: How the FortiGate Geo IP database is updated and maintained

Description This article describes how the GeoIP database is managed by Fortinet and the different ways it can be used by the FortiGate.
Scope FortiGate v6.4 and above.
Solution

The FortiGate IP-Geolocation database shows/uses the physical location of an IP by default, which may not be the same as the location where its owner registered it. Showing the actual geographic location of the IP is very important in a variety of fields, ranging from location-based services to malware detection.

However, the database also includes the registration country data apart from geographic location data. To use the 'registration' location of an IP range along with/instead of its physical location in firewall policy, and if the device is running FortiOS 6.4+, refer to the documentation for instructions on modifying policy configuration:

Otherwise, consider setting up an exception policy (manual override) for the specific IP range:

How the GeoIP information is sourced and updated:

The GeoDB data is proprietary and generated through several measurement methods at different levels, incorporating vendor-based data. Analysis includes techniques like ping tests, BGP routing, reverse DNS lookups, and more. Fortinet also aggregates data from Regional Internet Registries and publicly available IP location announcements from major cloud providers.

 

The GeoDB is updated weekly, typically around Wednesday or Thursday. Refer to: IP Geolocation Service

 

Below is an example of FortiGate system event log with received FortiGuard GeoDB update:

 

date="2025-07-23" time="01:31:07" id=7530052915227000840 bid=3724127 dvid=1047 itime=1753227067 euid=3 epid=3 dsteuid=3 dstepid=3 logver=702111740 logid="0100041000" type="event" subtype="system" level="notice" msg="Fortigate scheduled update fcni=yes fdni=yes fsci=yes virdb(93.04804) etdb(93.04804) geoip(3.00291) from 149.5.232.66:443" logdesc="FortiGate update succeeded" status="update" eventtime=1753227066491762572 tz="+0200" devid="FGVM04TM00000001" vd="root" devname="FGT-LAB"

 

The same GeoDB update can be verified by using below FortiGate CLI command:

 

FGT-LAB (global) # diagnose autoupdate versions | grep -A6 Geo
IP Geography DB
---------
Version: 3.00291
Contract Expiry Date: n/a
Last Updated using scheduled update on Wed Jul 23 01:31:04 2025
Last Update Attempt: Wed Jul 30 10:55:05 2025
Result: No Updates
3799
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.