6 Replies Latest reply on Aug 18, 2017 4:51 AM by secnubs

    Geo ID

    secnubs

      Hi,

       

      What does it mean when I get Geo Source/Destination ID 0 ? , is it because the Geolocation has no entry?

        • 1. Re: Geo ID
          sssyyy

          What's the source IP and destination ip of the event? are they internal/local IPs?

          • 2. Re: Geo ID
            secnubs

            The Source is local and destination is :: (2 colon )

            • 3. Re: Geo ID
              sssyyy

              Yep, ESM don't know where local IP is located and destination IP is null/empty.

              • 4. Re: Geo ID
                secnubs

                I'm having problem with my Geolocations, always the source and destination is the same, it always both display where the ESM is located, even though the source or destination is from other country, I'm using ESM 10.1

                • 5. Re: Geo ID
                  sssyyy

                  Pick a external FW event and have a look to see if ESM displays the geolocation info for an external IP address. I doubt ESM can determine geolocation based on just internal/local ip.

                  • 6. Re: Geo ID
                    secnubs

                    Yes it is, when I check the packet the source/destination(Outside company network) geolocation is correct, however it will display my local geo(set on the zone) on both source/destination. Before I have ESM 9.5 the geolocation outside the company always display correct, but I didn't set a zone on 9.5 version.

                     

                    Ex. The source IP is from Russia, on the Geolocation it is display on the Source Geo = Russia however on the the Destination geo will be blank (this is from my 9.5 version) because the zone is not define

                     

                    Now On 10.1, I've define the Geolocation on the zone, but it will display it on both Source/Destination geo