Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
840
Views
23
Helpful
14
Replies

Geolocation data not showing after uppgrading FMC to 7.4.2.1

Chess Norris
Level 4
Level 4

‎11-04-2024 05:58 AM

Hello,

After upgrading a coupple of FMCs to version 7.4.2.1, we noticed that the "Initiator Country" on the connection events page no longer show any data. We tried to manually update the GeoDB file, but we still not seeing any country information. Here is a screenshoot of the Geolocation version we are running. I noticed that " IP package" is missing but I dont think it was ever installed.

Geolocation version.JPG

 

Anyone else noticed this on version 7.4.2.1?

Thanks

/Chess

5 people had this problem
0 Helpful
14 Replies 14

Marvin Rhoads
Hall of Fame
Hall of Fame

‎11-05-2024 05:19 AM

Try selecting the IP Package Download further down on the page and then force a One-Time Geolocation Update.

AViftrup
Level 1
Level 1
In response to Marvin Rhoads

‎11-10-2024 01:20 AM

IP Package will be deprecated in future releases, and poses no function in newer releases, even if checked.

Chess Norris
Level 4
Level 4

‎11-05-2024 07:23 AM - edited ‎11-05-2024 07:24 AM

@Marvin Rhoads  Unfortunately it didn't work. However, I just realize that I can see "destination country data" if I add it as a filter. Must be a bug. Will probably raise a ticket with TAC tomorrow.

Skärmbild 2024-11-05 162102.JPG

Skärmbild 2024-11-05 162201.JPG

/Chess

mperez0908
Level 1
Level 1

‎11-05-2024 07:47 AM

Hello Chess,

Our Cyber Team has a Splunk dashboard for incoming communication from countries that should not be allowed in our network and Yesterday they reported the issues to us. We upgraded our FMC's two weeks ago and did not realize that the FMC was failing to log the countries. I did find it interesting because there is a way in the FMC to test if the Geolocation is working under Analysis -> Advanced-> Geolocation and it is able to identify the IP by country.

After troubleshooting I noticed that the FMC was able to identify countries that were in one of our rules. Therefore for troubleshooting purposes I added a rule below and blocked all other countries. After that I noticed that the FMC was identifying the countries that we are most worried about.

mperez0908_0-1730821397453.png

Of course it is only temporary since I opened up a ticket with Cisco.

 

basheerh
Level 1
Level 1

‎11-09-2024 04:35 PM

Hello Chess,

I have the same issue and it is related to Cisco Bug: CSCwn08354 - After upgrade to 7.4.2, RAVPN dashboard no longer shows country codes as per Cisco TAC.

mrjelly
Level 1
Level 1

‎11-13-2024 02:50 AM

Hello,

is there a workaround or fix for this?

0 Helpful

Chess Norris
Level 4
Level 4
In response to mrjelly

‎11-13-2024 04:31 AM - edited ‎11-13-2024 04:31 AM

No workaround at the moment, but I was told by TAC that engineering and dev are currently working on this issue.

/Chess

MHM Cisco World
VIP
VIP
In response to Chess Norris

‎11-13-2024 04:46 AM

I check this note in cisco doc. 
I think it issue here but let wait TAC answer and please share with us the solution 
thanks 

cisco doc.
"""In May 2022 we split the GeoDB into two packages: a country code package that maps IP addresses to countries/continents, and an IP package that contains contextual data. The new country code package has the same file name as the old all-in-one package. This allows FMCs running Version 7.1 and earlier to continue to obtain GeoDB updates. However, because this package now contains only country code mappings, the contextual data is no longer updated and will grow stale. To obtain fresh data, upgrade or reimage to Version 7.2+ and update the GeoDB. Note that this split does not affect geolocation rules or traffic handling in any way—those rules rely only on the data in the country code package."""

MHM

Chess Norris
Level 4
Level 4

‎11-14-2024 12:26 AM - edited ‎11-14-2024 12:34 AM

Hello,

TAC just got back to me with the following update. 

<B>Workaround:</B>

Install GeoDB country code (CC) update version 2024-11-09-057 or later on the FMC.

There should also be a note about this workaround, but for some reason I cannot open the link that TAC sent me -maybe  is not yet publicly available?

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwn08354 

I have not test it myself yet, so I cannot confirm it works. Will probably installed it later this afternoon.

/Chess

Aref Alsouqi
VIP
VIP
In response to Chess Norris

‎11-14-2024 03:12 AM

Thanks for sharing this workaround. Btw, me too I couldn't access bug page.

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Aref Alsouqi

‎11-15-2024 04:42 AM

It appears Cisco have made the Bug public now - the link worked for me.

Aref Alsouqi
VIP
VIP
In response to Marvin Rhoads

‎11-15-2024 06:33 AM

I can confirm, it's now working for me as well.

0 Helpful

Chess Norris
Level 4
Level 4

‎11-14-2024 02:08 AM - edited ‎11-14-2024 02:09 AM

I can confirm that Geodata now beeing populated in the event log again on my Lab FMC after installing Cisco_Firepower_GEODB_Update-2024-11-09-057.sh.REL.tar

Geodata.jpg

/Chess

mrjelly
Level 1
Level 1

‎11-14-2024 09:23 AM

I can confirm since installing the Geolocation DB manual upgrade, I am now seeing location data.

 

Was working for me for 7.4.2 but stopped working 7.4.2.1

 

Now working

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card