6 Replies Latest reply on Aug 18, 2017 4:51 AM by secnubs

    Geo ID




      What does it mean when I get Geo Source/Destination ID 0 ? , is it because the Geolocation has no entry?

        • 1. Re: Geo ID

          What's the source IP and destination ip of the event? are they internal/local IPs?

          • 2. Re: Geo ID

            The Source is local and destination is :: (2 colon )

            • 3. Re: Geo ID

              Yep, ESM don't know where local IP is located and destination IP is null/empty.

              • 4. Re: Geo ID

                I'm having problem with my Geolocations, always the source and destination is the same, it always both display where the ESM is located, even though the source or destination is from other country, I'm using ESM 10.1

                • 5. Re: Geo ID

                  Pick a external FW event and have a look to see if ESM displays the geolocation info for an external IP address. I doubt ESM can determine geolocation based on just internal/local ip.

                  • 6. Re: Geo ID

                    Yes it is, when I check the packet the source/destination(Outside company network) geolocation is correct, however it will display my local geo(set on the zone) on both source/destination. Before I have ESM 9.5 the geolocation outside the company always display correct, but I didn't set a zone on 9.5 version.


                    Ex. The source IP is from Russia, on the Geolocation it is display on the Source Geo = Russia however on the the Destination geo will be blank (this is from my 9.5 version) because the zone is not define


                    Now On 10.1, I've define the Geolocation on the zone, but it will display it on both Source/Destination geo