Version: 2.11.0

Configuring Geo IP Integration with MaxMind

Leveraging GeoIP data to enhance NetFlow analysis provides valuable insights into network traffic patterns, user behavior, and potential security threats. By incorporating geographic location information, organizations can gain a deeper understanding of network activity, identify anomalous traffic patterns, and optimize network performance.

NetFlow Optimizer supports GeoIP2 and GeoLite2 databases. You need to sign up for a GeoLite2 account at https://dev.maxmind.com/ to get free IP geolocation data.

note

To configure integration with MaxMind, select Modules on the left navigation bar, open the Network Conversations Monitor set by clicking ..., and click Module configuration 10062: Network Conversations Monitor. Scroll down to EDFN Agent Geo Country (or Geo City) and click it.

Settings Tab

You will be presented with the following configuration screen.

On this screen you can configure the following parameters:

Cron Schedule

IP geolocation lists are updated on the cron schedule set here.

URL

The URL points to the GeoLite2 database. Once you register and generate your new MaxMind license key, replace "YOUR_LICENSE_KEY" with it in the URL field:

https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City-CSV&license_key=YOUR_LICENSE_KEY&suffix=zip
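The license key in this URL is a credential, so it helps to check the field value and the resulting download without copying the key into tickets or logs. The following is an added example, not part of NetFlow Optimizer or MaxMind tooling; the function names, the GeoLite2-Country-CSV edition and the sample archive are assumptions made for illustration.

```python
import io
import zipfile
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

PLACEHOLDER = "YOUR_LICENSE_KEY"
# City is the edition in the page's URL; Country is assumed for the Geo Country agent.
EDITIONS = {"GeoLite2-City-CSV", "GeoLite2-Country-CSV"}

def check_url(url):
    """Return a list of problems with the value pasted into the URL field."""
    parts = urlsplit(url)
    query = dict(parse_qsl(parts.query))
    problems = []
    if parts.scheme != "https":
        problems.append("not https: the license key would travel in clear text")
    if parts.hostname != "download.maxmind.com":
        problems.append("unexpected host")
    if query.get("edition_id") not in EDITIONS:
        problems.append("unknown edition_id")
    if query.get("license_key", PLACEHOLDER) == PLACEHOLDER:
        problems.append("license_key missing or still the placeholder")
    if query.get("suffix") != "zip":
        problems.append("suffix must be zip")
    return problems

def redact(url):
    """Copy of the URL that is safe to paste into a ticket or log."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k == "license_key" else v)
             for k, v in parse_qsl(parts.query)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))

def check_archive(data, edition="GeoLite2-City-CSV"):
    """True if data is a zip holding the edition's IPv4 blocks and locations CSVs."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False  # e.g. an error message returned instead of the database
    base = edition[: -len("-CSV")]
    wanted = {base + "-Blocks-IPv4.csv", base + "-Locations-en.csv"}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = {name.rsplit("/", 1)[-1] for name in zf.namelist()}
    return wanted <= names

def sample_archive():
    """Constructed stand-in for a download: right file names, made-up date and rows."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("GeoLite2-City-Blocks-IPv4.csv", "GeoLite2-City-Locations-en.csv"):
            zf.writestr("GeoLite2-City-CSV_20240101/" + name, "constructed\n")
    return buf.getvalue()
```

`check_url` returns an empty list when the field value is ready to save, and `check_archive` can be run on the bytes of a manual download to confirm the key returns a database rather than an error.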

Verifying Configuration

When the configuration is complete, save it, then open it again and press the green Run now button. You should see the list and timestamp updated.