Created on 10-12-2021 02:11 AM Edited on 07-31-2024 07:57 AM By Stephen_G
Description
This article describes how to override the Geo-IP database. In some cases, an IP address may be seen to be registered to a particular country.
When VDOM is enabled:
config vdom
    edit <vdom-name>
        config system geoip-override
            edit "United\ States"
                config ip-range
                    edit 1
                        set start-ip 173.243.138.81
                        set end-ip 173.243.138.81
                    next
                end
            next
        end
Without VDOM:
config system geoip-override
    edit "United\ States"
        config ip-range
            edit 1
                set start-ip 173.243.138.81
                set end-ip 173.243.138.81
            next
        end
    next
end
To confirm this, run the following:
diagnose firewall ipgeo override
Location: United States, code: A0 (ip-ranges 1)
ip-range 1: 141.8.193.33 - 141.8.193.33
diagnose geoip ip2country 173.243.138.81
173.243.138.81 - United States, is not anycast ip
diagnose geoip iprange United\ States | grep 173.243.138.81
173.243.138.81 -- 173.243.138.81
diagnose firewall ipgeo ip-list US | grep 173.243.138.81
173.243.138.81 - 173.243.138.81
By default, the IP geolocation database shows and uses the physical location of an IP address, which is not necessarily the location of the entity that registered it. The Geo-IP database can be overridden with the commands above.
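To check saved output of diagnose firewall ipgeo override against the addresses that were meant to be overridden, the following Python script (an added example, not Fortinet code) parses the Location and ip-range lines in the format shown above and reports which override location covers a given IP. The sample output is constructed from documentation addresses, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the format printed by "diagnose firewall ipgeo override".
# Addresses are documentation ranges, not output from a real device.
SAMPLE_OUTPUT = """\
Location: United States, code: A0 (ip-ranges 2)
ip-range 1: 192.0.2.10 - 192.0.2.10
ip-range 2: 198.51.100.0 - 198.51.100.255
Location: Germany, code: A1 (ip-ranges 1)
ip-range 1: 203.0.113.5 - 203.0.113.20
"""

LOCATION_RE = re.compile(r"^Location:\s*(.+?),\s*code:\s*\S+\s*\(ip-ranges\s+\d+\)")
RANGE_RE = re.compile(r"^ip-range\s+\d+:\s*(\S+)\s*-\s*(\S+)")

def parse_overrides(text):
    """Return {location: [(start, end), ...]} parsed from the diagnose output."""
    overrides, current = {}, None
    for line in text.splitlines():
        m = LOCATION_RE.match(line.strip())
        if m:
            current = m.group(1)
            overrides.setdefault(current, [])
            continue
        m = RANGE_RE.match(line.strip())
        if m and current is not None:
            start, end = (ipaddress.ip_address(x) for x in m.groups())
            if start.version != end.version or start > end:
                raise ValueError(f"invalid ip-range: {line.strip()}")
            overrides[current].append((start, end))
    return overrides

def override_location(text, ip):
    """Return the override location whose range covers ip, or None."""
    addr = ipaddress.ip_address(ip)
    for location, ranges in parse_overrides(text).items():
        for start, end in ranges:
            if addr.version == start.version and start <= addr <= end:
                return location
    return None

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.77", "203.0.113.21"):
        print(ip, "->", override_location(SAMPLE_OUTPUT, ip))
```

A result of None for an address that was supposed to be overridden means the configured start-ip and end-ip do not cover it, so geography-based policies will still use the default database entry for that address.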