cancel
Showing results for 
Search instead for 
Did you mean: 
secnubs
Level 7

Geo ID

Hi,

What does it mean when I get Geo Source/Destination ID 0 ? , is it because the Geolocation has no entry?

0 Kudos
6 Replies
sssyyy
Level 12

Re: Geo ID

What's the source IP and destination ip of the event? are they internal/local IPs?

0 Kudos
secnubs
Level 7

Re: Geo ID

The Source is local and destination is :: (2 colon )

0 Kudos
sssyyy
Level 12

Re: Geo ID

Yep, ESM don't know where local IP is located and destination IP is null/empty.

secnubs
Level 7

Re: Geo ID

I'm having problem with my Geolocations, always the source and destination is the same, it always both display where the ESM is located, even though the source or destination is from other country, I'm using ESM 10.1

0 Kudos
sssyyy
Level 12

Re: Geo ID

Pick a external FW event and have a look to see if ESM displays the geolocation info for an external IP address. I doubt ESM can determine geolocation based on just internal/local ip.

0 Kudos
secnubs
Level 7

Re: Geo ID

Yes it is, when I check the packet the source/destination(Outside company network) geolocation is correct, however it will display my local geo(set on the zone) on both source/destination. Before I have ESM 9.5 the geolocation outside the company always display correct, but I didn't set a zone on 9.5 version.

Ex. The source IP is from Russia, on the Geolocation it is display on the Source Geo = Russia however on the the Destination geo will be blank (this is from my 9.5 version) because the zone is not define

Now On 10.1, I've define the Geolocation on the zone, but it will display it on both Source/Destination geo

0 Kudos