Wednesday, August 2, 2017

FortiOS GEOIP tips

GEO-IP is a FortiGate feature that is very simple to use. Here are some tips and tricks for working with it.

Here are a few things to consider:


  • Updates are pushed via an active FortiGuard subscription to the FortiGates under contract
  • It does not support an IPv6 GEOIP database at this time
  • There are no manual updates you can push
  • You can craft firewall address objects with custom GEOIP data
  • Keep in mind you can't assign an IANA-assigned 2-letter GEO ID to a custom firewall address



TIP#1

To get the current version of the GEOIP database:

diag autoupdate versions



IP Geography DB
---------
Version: 1.054
Contract Expiry Date: n/a
Last Update Date: Tue Aug 30 14:10:59 2016




TIP#2


To execute an update request from the command line:

diag debug reset
diag debug enable
diag debug application update -1
execute update-geo-ip
diag debug reset
diag debug disable


TIP#3

To find the network ranges per country:

FW01 $ diag firewall ipgeo ip-list ST
         45.42.228.0 - 45.42.228.127
        46.36.203.71 - 46.36.203.75
       104.167.215.0 - 104.167.215.255
         154.72.12.0 - 154.72.15.255
       197.159.160.0 - 197.159.191.255
Country name:ST Total IP Range:5
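
An added example, not part of the original post: a Python script that parses the TIP#3 output, checks the number of ranges against the "Total IP Range" footer so a truncated paste is caught, and converts each range to CIDR blocks for comparison with address lists kept elsewhere. The function names are hypothetical; the sample is the output shown above.

```python
import ipaddress
import re

# Sample input: the "diag firewall ipgeo ip-list ST" output shown in TIP#3.
SAMPLE = """\
FW01 $ diag firewall ipgeo ip-list ST
         45.42.228.0 - 45.42.228.127
        46.36.203.71 - 46.36.203.75
       104.167.215.0 - 104.167.215.255
         154.72.12.0 - 154.72.15.255
       197.159.160.0 - 197.159.191.255
Country name:ST Total IP Range:5
"""

RANGE_RE = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s*-\s*(\d+\.\d+\.\d+\.\d+)\s*$")
FOOTER_RE = re.compile(r"^Country name:(\S+)\s+Total IP Range:(\d+)\s*$")

def parse_ip_list(text):
    """Return (country, [(first, last), ...]); raise if the footer disagrees."""
    ranges, country, total = [], None, None
    for line in text.splitlines():
        m = RANGE_RE.match(line)
        if m:
            first, last = (ipaddress.IPv4Address(g) for g in m.groups())
            if first > last:
                raise ValueError(f"reversed range: {line.strip()}")
            ranges.append((first, last))
            continue
        m = FOOTER_RE.match(line)
        if m:
            country, total = m.group(1), int(m.group(2))
    if total is None:
        raise ValueError("footer line not found; output may be truncated")
    if total != len(ranges):
        raise ValueError(f"footer says {total} ranges, parsed {len(ranges)}")
    return country, ranges

def to_cidrs(ranges):
    """Expand each first-last range into the minimal list of CIDR blocks."""
    return [net for first, last in ranges
            for net in ipaddress.summarize_address_range(first, last)]

def country_contains(ranges, ip):
    """True if ip falls inside any parsed range (offline ip2country check)."""
    addr = ipaddress.IPv4Address(ip)
    return any(first <= addr <= last for first, last in ranges)

if __name__ == "__main__":
    country, ranges = parse_ip_list(SAMPLE)
    print(country, [str(n) for n in to_cidrs(ranges)])
```

A range that is not aligned on a prefix boundary, such as 46.36.203.71 - 46.36.203.75, expands to more than one CIDR block, so the CIDR count can exceed the range count reported by the FortiGate.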




TIP#4

To find what country an IPv4 address belongs to:

diag firewall ipgeo ip2country 169.254.23.22
169.254.23.22 is in country:ZZ







Ken Felix
NSE (Network Security Expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o 


        /  \
