Geo-IP filter status shows "Country Database: Not downloaded"
08/26/2020 88 15000
This article explains the troubleshooting steps for Geo-IP filter status showing "Country Database: Not downloaded"
In order for the country database to be downloaded, the firewall should have the Geo-IP feature turned ON. Without this enabled, the firewall will not attempt to download the database. You can enable Geo-IP filter from MANAGE | Security Services | GEO-IP Filter and Settings tab.
Once enabled, the appliance must be able to resolve the following URL depending on model:
Generation 5 SonicWall (Devices running 5.8 or 5.9 firmware) | "gbdata.global.sonicwall.com"
Generation 6 SonicWall (Devices running 6.2 or 6.5 firmware) | "utmgbdata.global.sonicwall.com"
For Gen 5 appliances, you can navigate to System | Diagnostics and use DNS name lookup under Diagnostic Tools.
For Gen 6 appliances, you can navigate to INVESTIGATE | System Diagnostics and use DNS name lookup under Diagnostic Tools.
If they are able to resolve the domains, then the download should be successful momentarily after turning ON the feature. If the DNS resolution is not successful, navigate to MANAGE | Network | DNS and use a public DNS server such as 184.108.40.206 or 220.127.116.11 as the primary DNS server manually.
Even after all these steps, if the database download is not successful, the following steps can be taken to download and install the geo-ip database manually.
- To download the Geo-IP signatures manually, visit mysonicwall.com and login with the account that your SonicWall is registered to.
- Click Product Management | My Products and locate the device you want to download this for. Hover on the product item and select the License icon.
- Click on download option for 'Download Geo-IP Signatures'. It should download the signature file with extension .gz
- Navigate to the diag page of the firewall UI. The Diag page can be reached by typing in the LAN IP of the SonicWall in the browser, with a /diag.html at the end.
- Click on Internal Settings and enable the option 'Allow Geo-IP/Botnet Filter map database file upload' under 'GeoIP/Location Service' section.
- Navigate to MANAGE | Security Services | Base Setup and scroll down for 'Update Geo-IP Database manually' section. Click on 'Import Geo-IP Database' and browse the .gz file downloaded in Step 3 and click on Import.
- A warning message will appear and you can click on OK.
- If the file upload was successful, a status update should show up at the bottom.
- The country database should now be in downloaded status.