FortiWeb
JBarrera
Staff
Article Id 336932
Description This article describes Geo-location discrepancies observed on FortiWeb logs.
Scope FortiWeb.
Solution

Before creating a TAC ticket, follow these steps:

 

  • First, check the current GEO-IP database version using this command:


get system upd-db-version

 

  • Then update the GEO-IP database using the command below:

 

execute update fwdb

 

  • It is also possible to use the following command to update all the security databases:

 

execute update-now

 

If the FortiWeb still presents GEO-IP discrepancies, create a TAC ticket and upload the following information:

 

 

  1. Configuration file: Go to System -> Maintenance -> Backup & Restore (Backup).

  2. Debug logs: Go to System -> Config -> Features Visibility -> make sure Debug is enabled. Then go to System -> Maintenance -> Debug -> Download the file.

  3. Test connectivity to the FortiGuard services by executing the following commands:

 

execute telnettest service.fortiguard.net:443
execute telnettest update.fortiguard.net:443

 

  4. Use the following command to check if an IP address is in the correct geoDB database:

diagnose test application geodb <IP_address>

 

FortiWeb uses a MaxMind GeoLite database (https://www.maxmind.com) that maps geographical regions to all public IP addresses associated with them.

 

  5. Run 'diag system update info', then 'exec update-now', wait 10 minutes, and run 'diag system update info' again.

 

Related document:

GEO IP - Blocklisting & whitelisting countries & regions - FortiWeb Administration Guide.