Configuring local/private subnets for geolocation in Security Analytics

book

Article ID: 168945

calendar_today

Updated On:

Products

Security Analytics

Issue/Introduction

The Blue Coat Security Analytics (SA) Platform provides "geolocation," which is a representation of a host location on a world map.

In the SA's Geolocation settings, the Internal Subnets section can be used to specify the geographic location of private IP subnets in an internal network.

By definition, internal subnets do not have an externally knowable geographic location and by default are located at 0 latitude, 0 longitude. Use the Internal Subnets feature to specify where your subnets are located on the world map.

Example: A company has offices in New York, Vancouver, and Tokyo. Their network IPs are 10.1.0.0/16 for New York, 10.2.0.0/16 for Vancouver, and 10.3.0.0/16 for Tokyo. Without setting the internal subnet values, they would all appear at 0,0 on the map. With the Internal Subnets feature, the subnets appear in their proper locations.

Note: the Internal Subnets feature only works for private subnets such as those in the 10.x, 192.x, and 172.x ranges. The location of a public IP range cannot be overridden using this feature.

Geolocation - Internal Subnets settings page

Attachments