Here's a few things to considered;
- Updates are pushed via an active fortiguard subscriptions to the fortigates under contract
- It does not support ipv6 GEOIP database at this time
- There's no manual updates you can push
- You can craft firewall address objects with custom GEOIP data
- Keep in mind you can't assign a IANA assigned 2 letter GEO id for custom firewall address
TIP#1
To get the current versions of geoip
diag autoupdate versions
IP Geography DB
---------
Version: 1.054
Contract Expiry Date: n/a
Last Update Date: Tue Aug 30 14:10:59 2016
To execute update request from command line
diag debug reset
diag debug enable
diag debug application update -1
execute update-geo-ip
diag debug reset
diag debug disable
TIP#3
To find network ranges per country
FW01 $ diag firewall ipgeo ip-list ST
45.42.228.0 - 45.42.228.127
46.36.203.71 - 46.36.203.75
104.167.215.0 - 104.167.215.255
154.72.12.0 - 154.72.15.255
197.159.160.0 - 197.159.191.255
Country name:ST Total IP Range:5
TIP#4
To find what country a ipv4 address belongs to;
diag firewall ipgeo ip2country 169.254.23.22
169.254.23.22 is in country:ZZ
Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( @ @ )=
o
/ \
No comments:
Post a Comment