Updating location attributes

To define policy that is based on geolocation, you must update the geolocation database with appropriate location and IP data.

About this task

When a request is received, a GeoLocator policy information point (PIP) determines the location of the device that made the request. The device IP address as determined by the point of contact server is the input to the PIP. The PIP reads the geolocation database to determine the device location.

All location attributes stored in the database are shown as environment attributes that you can use to author policies.

Location attributes include:
  • Country
  • State or region
  • City
Attention: Sample data is included in the geolocation database. However, this sample data cannot be used in a production environment. Use the sample files for IPv4, IPv6, or both to create your own file. To locate the files, log in to the local management interface and click Manage System Settings > Secure Settings > File Downloads. Then expand access_control > cba > geolocation.

Procedure

  1. Obtain or create an appropriate geolocation data file in ZIP format.
    The file or files you must use depend on whether you want support for IPv4 addresses, IPv6 addresses, or both.
    Note: Both IPv4 and IPv6 files must be in the import ZIP, even if only one of the two data sets are going to be used.
    • For IPv4: The file must contain two CSV files. One file contains all of the possible locations and the other contains the IP blocks and their corresponding locations.
      Locations file
      GeoIP (version 1 database)
      Each line in the locations file corresponds to one location and is in the following format:
      location id,country,region,city,,,,,
      Attention: You must include the 5 commas after citycommas in your locations file for version 1 data.
      GeoIP (version 2 database)
      Each line in the locations file corresponds to one location and is in the following format: 
      geoname id,,,,country iso code,,subdivision 1 iso code,,,,city name,,,
      Attention: You must include the four commas separating the geoname id and country iso code, the two commas separating the country iso code and subdivision (region) iso code, the four commas separating the subdivision iso code and city name and the three commas after the city name in your location file for version 2 data.
      country
      A two-letter country code. For assistance with locating a country code, see geoCountryCode in Predefined attributes.
      region
      A two-character region code. For assistance with locating a region code, see geoRegionCode in Predefined attributes.
      city
      The name of a city.
      The locations file must have Location in its file name. The sample provided is named: GeoLiteCity-Location.csv
      IP blocks file
      GeoIP (version 1 database)
      Each line in the IP blocks file corresponds to one IP block and is in the following format:
      startip,endip,location id
      GeoIP (version 2 database)
      Each line in the IP block file corresponds to one IP block and is in the following format:
      network (CIDR format),geoname_id,,,,,,latitude,longitude,
      Attention: You must include the 6 commas after geoname_id and the trailing commas in your IPv4 log block files for version 2 data.
      startip
      The first IP address in the block that is represented as an integer.
      endip
      The last IP address in the block that is represented as an integer.
      location id
      The integer that is defined in the locations file that corresponds with the IP block.
      The IP blocks file must have Blocks in its name. The sample provided is named: GeoLiteCity-Blocks.csv
      Attention: Ensure that the CSV files contain all of the data that you want to load in the database. When you import the file, the existing data is removed and replaced with the data in the file.
    • For IPv6: The file must contain one CSV file that contains all of the location and IP block information.
      Each line in the file corresponds to one location and IP block combination:
      GeoIP (version 1 database):
      Each line in the file corresponds to one location and IP block combination in the format: 
      startip string, endip string, startip int, endip int, country,
  region, city,,,,,
      Attention: You must include the 5 commas after city in your IPv6 block file.
      GeoIP (version 2 database):
      Each line in the file corresponds to one location and IP block combination in the format: 
      network (CIDR format),geoname_id,,,,,,,,
      Attention: You must include the 8 trailing commas after the geoname_id in your ipv6 blocks file. For GeoIP2 data the country, region and city attributes are read from the corresponding geoname_id in the locations file
      startip string
      The first IP address in the block that is represented as a hexadecimal string. For example, a IPv6 string might be 2001:200:ffff:ffff:ffff:ffff:ffff:ffff
      endip string
      The last IP address in the block that is represented as a hexadecimal string.
      startip integer
      The first IP address in the block that is represented as an integer. For example, the IPv6 integer that corresponds to startip 2001:200:ffff:ffff:ffff:ffff:ffff:ffff might be 42540528806023212578155541913346768895.
      endip integer
      The last IP address in the block that is represented as an integer.
      country
      A two-letter country code. For assistance with locating a country code, see geoCountryCode in Predefined attributes.
      region
      A two-character region code. For assistance with locating a region code, see geoRegionCode in Predefined attributes.
      city
      The name of a city.
      The file must have v6 in its file name. The sample provided is named: GeoLiteCityv6.csv
  2. Create a file in ZIP format that contains the files you want to upload.
    For example, if you want to use both IPv4 and IPv6, include all the CSV files that you created in one ZIP formatted file.
  3. Log in to the local management interface.
  4. Click Manage System Settings.
  5. Under Updates and Licensing, click Geolocation Database.
  6. Click Import.
  7. Select the geolocation file in ZIP format.
  8. Click Import.
    Note: Importing the data can take more than 20 minutes to complete.
  9. Click Refresh Status to check the import process.
    When the process is complete, the status says Loaded.