
Geolocation data not showing after upgrading FMC to 7.4.2.1

Chess Norris
Level 4

Hello,

After upgrading a couple of FMCs to version 7.4.2.1, we noticed that the "Initiator Country" on the connection events page no longer shows any data. We tried to manually update the GeoDB file, but we are still not seeing any country information. Here is a screenshot of the Geolocation version we are running. I noticed that "IP package" is missing, but I don't think it was ever installed.

Geolocation version.JPG

 

Anyone else noticed this on version 7.4.2.1?

Thanks

/Chess

14 Replies

Marvin Rhoads
Hall of Fame

Try selecting the IP Package Download further down on the page and then force a One-Time Geolocation Update.

IP Package will be deprecated in future releases, and poses no function in newer releases, even if checked.

Chess Norris
Level 4

@Marvin Rhoads Unfortunately it didn't work. However, I just realized that I can see "destination country data" if I add it as a filter. Must be a bug. Will probably raise a ticket with TAC tomorrow.

Skärmbild 2024-11-05 162102.JPG

Skärmbild 2024-11-05 162201.JPG

/Chess

mperez0908
Level 1

Hello Chess,

Our Cyber Team has a Splunk dashboard for incoming communication from countries that should not be allowed in our network, and yesterday they reported the issues to us. We upgraded our FMCs two weeks ago and did not realize that the FMC was failing to log the countries. I did find it interesting because there is a way in the FMC to test if the Geolocation is working under Analysis -> Advanced -> Geolocation, and it is able to identify the IP by country.

After troubleshooting, I noticed that the FMC was able to identify countries that were in one of our rules. Therefore, for troubleshooting purposes, I added a rule below and blocked all other countries. After that, I noticed that the FMC was identifying the countries that we are most worried about.

mperez0908_0-1730821397453.png

Of course it is only temporary since I opened up a ticket with Cisco.

 

basheerh
Level 1

Hello Chess,

I have the same issue and it is related to Cisco Bug: CSCwn08354 - After upgrade to 7.4.2, RAVPN dashboard no longer shows country codes as per Cisco TAC.

mrjelly
Level 1

Hello,

Is there a workaround or fix for this?

No workaround at the moment, but I was told by TAC that engineering and dev are currently working on this issue.

/Chess

I checked this note in the Cisco doc.
I think it is the issue here, but let's wait for TAC's answer, and please share the solution with us.
Thanks

Cisco doc:
"""In May 2022 we split the GeoDB into two packages: a country code package that maps IP addresses to countries/continents, and an IP package that contains contextual data. The new country code package has the same file name as the old all-in-one package. This allows FMCs running Version 7.1 and earlier to continue to obtain GeoDB updates. However, because this package now contains only country code mappings, the contextual data is no longer updated and will grow stale. To obtain fresh data, upgrade or reimage to Version 7.2+ and update the GeoDB. Note that this split does not affect geolocation rules or traffic handling in any way—those rules rely only on the data in the country code package."""

MHM

Chess Norris
Level 4

Hello,

TAC just got back to me with the following update. 

Workaround:

Install GeoDB country code (CC) update version 2024-11-09-057 or later on the FMC.

There should also be a note about this workaround, but for some reason I cannot open the link that TAC sent me - maybe it is not yet publicly available?

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwn08354 

I have not tested it myself yet, so I cannot confirm it works. Will probably install it later this afternoon.

/Chess

Thanks for sharing this workaround. Btw, I couldn't access the bug page either.

It appears Cisco have made the Bug public now - the link worked for me.

I can confirm, it's now working for me as well.

Chess Norris
Level 4

I can confirm that Geodata is now being populated in the event log again on my Lab FMC after installing Cisco_Firepower_GEODB_Update-2024-11-09-057.sh.REL.tar

Geodata.jpg

/Chess

mrjelly
Level 1

I can confirm since installing the Geolocation DB manual upgrade, I am now seeing location data.

 

Was working for me on 7.4.2 but stopped working on 7.4.2.1

 

Now working
