FortiGate
hrahuman_FTNT
Article Id 193435

Description

 

This article describes how to override the Geo-IP database. In some cases, an IP address is registered in one country, but the FortiGuard Geo-IP database shows it as a different country. This is most likely because some IPs of the same subnet are deployed on devices in a different country.
 
Scope
 
FortiGate.
 
Solution
 

When VDOM is enabled:

 

config vdom
    edit <vdom-name>
        config system geoip-override
            edit "United\ States"
                config ip-range
                    edit 1
                        set start-ip 173.243.138.81
                        set end-ip 173.243.138.81
                    next
                end
            next
        end
end

 

Without VDOM:

 

config system geoip-override
    edit "United\ States"
        config ip-range
            edit 1
                set start-ip 173.243.138.81
                set end-ip 173.243.138.81
            next
        end
    next
end

 

To confirm this, run the following:

 

diagnose firewall ipgeo override
Location: United States, code: A0 (ip-ranges 1)
ip-range 1: 141.8.193.33 - 141.8.193.33

diagnose geoip ip2country 173.243.138.81
173.243.138.81 - United States, is not anycast ip

diagnose geoip iprange United\ States | grep 173.243.138.81
173.243.138.81 -- 173.243.138.81

diagnose firewall ipgeo ip-list US | grep 173.243.138.81
173.243.138.81 - 173.243.138.81


By default, the IP-Geolocation database shows and uses the physical location of an IP, which does not always match the entity that registered the IP. The Geo-IP database can be overridden with the commands above.

 
