FortiWeb
AACastillo
Staff
Article Id 366670
Description This article describes how to check FortiWeb operation and configuration when FortiWeb shows a wrong geolocation of public IP addresses.
Solution

A FortiWeb can show a wrong IP geolocation (it shows a public IP address as located in another country instead of its current, real location) when its Geolocation Database (GEODB) is not updated or when that IP was recently moved to another country.

 

This can be seen in the FortiWeb's Traffic or Attack logs. Check the current FortiWeb GEODB database version using the following command:

 

diag sys update info | grep -A 10 GEO

FortiWeb GEODB
----------
Version: Fortiweb-Country-Build0258 2024-12-03
Expiry Date: Fri May 02 2025
Last Update Date: Tue Dec 17 03:54:09 2024
Next Update Date: Tue Dec 24 18:00:00 2024
Historical versions
----------
Fortiweb-Country-Build0257 2024-11-26 Dec/17/2024-03:54:09
Fortiweb-Country-Build0257 2024-11-26 Dec/17/2024-03:54:09

 

Each field in this command's output shows the following information:

  • Version: Current FortiWeb GEODB version installed. Keep in mind that the date shown (in this example, 2024-12-03) is when FortiGuard released this GEODB version; this database is updated periodically but not daily.
  • Expiry Date: The date until which FortiWeb will receive these updates. This is related to FortiWeb's license.
  • Last Update Date: Last time when the GEODB was updated in the FortiWeb.
  • Next Update Date: The next date when FortiWeb will check updates in the GEODB. If a new version is released, FortiWeb will update it.
  • Historical versions: The last times when FortiWeb updated the GEODB successfully, or when FortiWeb tried to update it and an error appeared.

If the FortiWeb GEODB is not updated, force a FortiWeb update in System -> Config -> FortiGuard, then in FortiWeb Update Service Options select Update Now (this action DOES NOT REBOOT the FortiWeb):

 


 

This update can also be done using the CLI command (this command DOES NOT REBOOT the FortiWeb):

 

exec update-now

 

Wait about 3-5 minutes. After that, execute the following command and check the last update dates and versions, especially of FortiWeb GEODB:

 

diag sys update info

 

If the last update dates do not show the current date or the database versions are old, check the FortiWeb internet connection and the connectivity with FortiGuard services.
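The date check described above can be automated over saved CLI output. The following is an added example, not part of the original article or any Fortinet tooling: it parses the GEODB block of diag sys update info and lists reasons the database may be stale. The function names and the 14-day age threshold are assumptions, and the sample text is constructed from the output shown in this article.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the GEODB block in the format shown in this article.
SAMPLE = """\
FortiWeb GEODB
----------
Version: Fortiweb-Country-Build0258 2024-12-03
Expiry Date: Fri May 02 2025
Last Update Date: Tue Dec 17 03:54:09 2024
Next Update Date: Tue Dec 24 18:00:00 2024
Historical versions
----------
Fortiweb-Country-Build0257 2024-11-26 Dec/17/2024-03:54:09
"""

def parse_geodb(text):
    """Return the 'Key: value' fields of the GEODB block as typed values."""
    # Only lines that start with a purely alphabetic key are fields; the
    # "Historical versions" entries start with a build name and are skipped.
    raw = dict(re.findall(r"^([A-Za-z ]+?):\s*(.+?)\s*$", text, re.M))
    m = re.match(r"(\S+)\s+(\d{4}-\d{2}-\d{2})$", raw["Version"])
    ts = "%a %b %d %H:%M:%S %Y"
    return {
        "build": m.group(1),
        "released": datetime.strptime(m.group(2), "%Y-%m-%d"),
        "expiry": datetime.strptime(raw["Expiry Date"], "%a %b %d %Y"),
        "last_update": datetime.strptime(raw["Last Update Date"], ts),
        "next_update": datetime.strptime(raw["Next Update Date"], ts),
    }

def geodb_findings(text, now, max_age_days=14):
    """List reasons the GEODB may be stale (max_age_days is an assumed threshold)."""
    info, out = parse_geodb(text), []
    if now > info["expiry"]:
        out.append("past Expiry Date: FortiWeb no longer receives GEODB updates")
    if now > info["next_update"]:
        out.append("Next Update Date has passed without a new update check")
    if now - info["last_update"] > timedelta(days=max_age_days):
        out.append("Last Update Date is older than %d days" % max_age_days)
    return out

if __name__ == "__main__":
    for line in geodb_findings(SAMPLE, datetime.now()) or ["GEODB looks current"]:
        print(line)
```

Any finding is a reason to run the update and then check connectivity with FortiGuard as described in this article.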

 

After confirming the FortiWeb GEODB is updated, check if geolocation is working correctly using the following command with one of the reported IP addresses:

 

diag test app geodb XX.XX.XX.XX (XX.XX.XX.XX = Reported IP address)

 

Based on the installed GEODB, FortiWeb will show the IP geolocation.

 

For example:

 

FortiWeb # diag test app geodb 186.155.14.106
GEO database version: Fortiweb-Country-Build0258 2024-12-03.
IP 186.155.14.106 location: Colombia(CO). <----- FortiWeb shows the correct IP geolocation.

 

This information can be confirmed using the FortiGuard services on this site: FortiGuard IP Geolocation Service

 


 

Related article:
Troubleshooting Tip: Unable to connect to FDS servers
