• SonicOS 7.1 Rules and Policies
• Overview
  • About SonicOS
  • SonicOS Workflow
  • How to Use the SonicOS Administration Guides
  • Guide Conventions
• Settings
  • Configuring App/Match/Malware
  • Configuring Content Filtering Service (CFS)
    • SonicWall CFS
    • CFS Custom Category
  • Geo-IP
    • Custom List
      • Editing a Custom List Entry
      • Deleting Custom List Entries
    • Using Geo-IP Diagnostics
  • Botnet
    • Configuring Botnet Settings
    • Creating Custom Botnet Lists
    • Viewing Dynamic Botnets Lists
    • Configuring a Dynamic Botnet List Server
    • Using Botnet Diagnostics
  • Decryption (DPI-SSL)
    • Certificate
    • Common Name
    • SSL Servers
  • Decryption (DPI-SSH)
  • Signature Update
• Security Policy
  • User & Country
  • App/URL/Custom Match
• NAT Policy
  • About NAT in SonicOS
  • About NAT Load Balancing
    • Determining the NAT LB Method to Use
    • Caveats
    • How Load Balancing Algorithms are Applied
    • Sticky IP Algorithm Examples
      • Example One - Mapping to a Network
      • Example Two - Mapping to an IP Address Range
  • About NAT64
    • Use of Pref64::/n
  • About FQDN-based NAT
  • About Source MAC Address Override
  • Viewing NAT Policy Entries
    • Changing the Display
    • Filtering the Display
  • Adding or Editing NAT or NAT64 Rule Policies
  • Deleting NAT Policies
  • Creating NAT Rule Policies: Examples
    • Creating a One-to-One NAT Policy for Inbound Traffic
    • Creating a One-to-One NAT Policy for Outbound Traffic
    • Inbound Port Address Translation via One-to-One NAT Policy
    • Inbound Port Address Translation via WAN IP Address
    • Creating a Many-to-One NAT Policy
    • Creating a Many-to-Many NAT Policy
    • Creating a NAT Load Balancing Policy for Two Web Servers
• Routing
  • About Routing
    • About Metrics and Administrative Distance
      • About Metrics
      • About Administrative Distance
    • Route Advertisement
    • ECMP Routing
    • Policy-based Routing
    • Policy-based TOS Routing
    • PBR Metric-based Priority
    • Policy-based Routing and IPv6
    • OSPF and RIP Advanced Routing Services
      • About Routing Services
        • Protocol Type
        • Maximum Hops
        • Split-Horizon
        • Poison Reverse
        • Routing Table Updates
        • Subnet Sizes Supported
        • Autonomous System Topologies
      • OSPF Terms
    • Drop Tunnel Interface
    • App-based Routing
  • Rules and Policies >
    • Configuring
      • Adding Static Routes
      • Probe-Enabled Policy-based Routing Configuration
• Decryption Policy
  • Client-side SSL Rules
  • Server-side SSL Rules
  • SSH Rules
  • Setting up the Decryption Policy Table
    • Managing the Decryption Policy Toolbars
    • Changing the Policy Priority
    • Creating Decryption Policies
      • Adding Decryption Policies
      • Editing Decryption Policies
      • Deleting Decryption Policies
• DoS Policy
  • Setting up the DoS Policy Table
    • Managing the DoS Policy Toolbars
    • Changing the DoS Policy Priority
    • Creating DoS Policies
      • Adding DoS Policies
      • Editing DoS Policies
      • Deleting DoS Policies
• DNS Policy
  • Creating DNS Policies
    • Adding DNS Policies
    • Editing DNS Policies
    • Deleting DNS Policies
  • DNS Doctoring
• Endpoint Policy
• Shadow
• SonicWall Support
  • About This Document

Using Geo-IP Diagnostics

The POLICY | Rules and Policies > Settings > GEO-IP > Diagnostics page provides access to several tools:

Geo-IP Cache Statistics

• The Geo-IP Cache Statistics table contains this information:

• Location Server IP - Remote IP address of the Botnet Server. This is the IP address of the remote SonicWall Server (utmgbdata.global.sonicwall.com) that is serving the Geo-IP and Botnet Database for the firewall to use for lookups.

• Resolved Entries - Entries in the Location Table that have been checked against the Geo/Botnet DB for a result. This occurs for any IP that is looked up while the firewall has an internet connection and has downloaded the database.

• Unresolved Entries - Entries added to the Location Table that have not been checked against the Geo/Botnet DB for some reason, possibly due to loss of internet connection.

• Current Entry Count - Current number of IPs in the cache

• Max. Entry Count - Max cache count supported (Eg: TZ 300 – 10,000, TZ 500 – 15,000, NSa 2650 – 40,000, NSa 9650 – 50,000)

• Location Map Count - List of countries

Custom Countries Statistics

The Custom Countries Statistics table contains this information about the number of entries in the list and the number of times lookups have occurred for the entries:

• No of Entries - Number of IPs added to the custom list

• No of Times Called - Refers to the number of IPs that were looked up in the feature’s database

• No of Times Not Looked-up - Refers to number of IPs that were not looked up against that particular database because the feature was disabled

• No of Times Resolved - Number of IPs that were successfully checked against the custom list

Show Resolved Locations

Clicking Show Resolved Locations shows the list of IP addresses and the corresponding countries that they belong to.

Check GEO Location Server Lookup

The Geo-IP Filter also provides the ability to lookup IP addresses to determine:

• Domain name or IP address

• The country of origin

The Geo Location Lookup tool can also be accessed from the DEVICE | Diagnostics | Geo and Botnet page.