Geolocation Service to identify source of traffic based on IP address

Article ID: 166498

Products

ProxySG Software - SGOS

Issue/Introduction

Starting with SGOS 6.5.x, using Web Application Firewall functionality and license, you can use the client Geolocation Service to identify the source of traffic through the ProxySG appliance based on the client IP address.
 
Starting with SGOS 6.6, Geolocation Service is available for Forward Proxy.
 
To use client geolocation, you must download a geolocation database. This database maps IP addresses to the countries with which they are associated and provides the supported names and codes for countries.

 

Resolution

Prerequisite for Using Client Geolocation

Before you can set up Client Geolocation, you must have a valid license for the feature. Refer to your Sales Engineer for more information.

 

To verify if you have a valid license, go to Management Console > Maintenance > Licensing > View and look for license details in the Intelligence Service Bundles section.

 

If you do not have a valid license, the appliance is unable to download the database and the Management Console may display Health Monitoring errors. The access logs might also display error messages about the subscription.

 

Enabling geolocation

  1. In the Management Console, select Configuration > Geolocation > General.
  2. On the General tab, select the Enable Geolocation functionality on the device check box.
  3. Click Apply.

The appliance starts to download the geolocation database. Allow the download to complete before attempting to use geolocation features.

 

Using Geolocation in Policy

You can add geolocation policy through the VPM or by composing Content Policy Language (CPL).

In the VPM, the Client Geolocation object is available in the Source column in policy layers. Refer to the Visual Policy Manager Reference for information.

In CPL, the client.address.country=<"country_name"> condition returns the country from which traffic originates, based on the client IP address.
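
A sketch of how this condition can be used in a policy rule, added here as an illustration and not taken from the Symantec documentation. The condition label blocked_countries and the country names "Country A" and "Country B" are placeholders; use the names listed in the geolocation database that the appliance downloaded.

```cpl
; Added example (constructed): group several countries under one named
; condition so the rule in the layer below stays short.
; "Country A" and "Country B" are placeholders, not real database entries.
define condition blocked_countries
    client.address.country="Country A"
    client.address.country="Country B"
end

<Proxy>
    ; Deny any transaction whose client IP address maps to a listed country.
    condition=blocked_countries deny
```

The rule only matches once geolocation is enabled and the database download has completed, as described under Enabling geolocation.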

 

For more information, see the Admin guide 6.5.x, https://support.symantec.com/en_US/article.DOC10069.html, page 318.