Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1925
Views
5
Helpful
1
Replies

Geolocation discrepencies

Go to solution
N3t W0rK3r
Level 3
Level 3

‎08-15-2019 10:55 AM

Hi there,


We're running FMC v6.3.04(44) with Geolocation update 2019-07-18-003.

 

We have noticed that some IP addresses get identified by FMC as originating from the US, but many other online sources when queried for the same IP address show the address being located in Russia.  This is an issue for us as we have policies in place to specifically to block traffic to and from this country, as well as some others.  These policies break in this case, allowing the traffic to pass.


A sample IP is 93.158.161.26 .

 

Is this a bug, or is something else going on here?  Please advise.

 

Thanks.

 

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-15-2019 08:59 PM

The Cisco Geolocation feed is reporting the correct public registration information per the RIPE registrar:

https://apps.db.ripe.net/db-web-ui/#/query?searchtext=93.158.161.26

It appears this Russian company has changed the registration or is otherwise somehow getting attributed as being USA-based.

I just confirmed the same issue myself. My FMC is 6.4.0.3 running the latest Geolocation database (same version as yours). FMC reports the address as USA (consistent with the RIPE registrar).

 

Notably Cisco's Umbrella Investigate shows it as Russian.

 

FMC GeolocationFMC GeolocationFMC StatusFMC StatusUmbrella Investigate ReportUmbrella Investigate Report

View solution in original post

1 Reply 1

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-15-2019 08:59 PM

The Cisco Geolocation feed is reporting the correct public registration information per the RIPE registrar:

https://apps.db.ripe.net/db-web-ui/#/query?searchtext=93.158.161.26

It appears this Russian company has changed the registration or is otherwise somehow getting attributed as being USA-based.

I just confirmed the same issue myself. My FMC is 6.4.0.3 running the latest Geolocation database (same version as yours). FMC reports the address as USA (consistent with the RIPE registrar).

 

Notably Cisco's Umbrella Investigate shows it as Russian.

 

FMC GeolocationFMC GeolocationFMC StatusFMC StatusUmbrella Investigate ReportUmbrella Investigate Report

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card