Technical Tip: Create ISDB objects with specific region

akamath · ‎06-03-2020

Description
This article discusses about Geographic-based Internet Service Database (ISDB) objects.

ISDB objects allow users to define a country, region, and city.
These objects can be used in firewall policies for more granular control over the location of the parent ISDB object.
ISDB objects are now referenced in policies by name instead of ID.
Solution
To enable this:

1) Create ISDB.
- Go to Policy & Objects -> Internet Service Database and select 'Create New'.
- Under 'Type' select 'Geographic Based'.

View the IP ranges in the location-based internet service.

- Go to Policy & Objects -> Internet Service Database.
- In the table, hover over the object created in 1) and select 'View/Edit Entries'. The list of IPs is displayed.

- Select 'Return'.

2) CLI commands.
- Create the ISDB object:

# config firewall internet-service-name
    edit "Test"
        set type location
        set internet-service-id 327781
        set country-id 356
        unset region-id
        unset city-id
    next
end

View the IP ranges in the location-based internet service.

# diag internet-service id 327781
Internet Service: 327781(Microsoft-Skype_Teams)
Version: 00007.00732
Timestamp: 202006011642
Number of IP ranges: 1280
2.22.72.179-2.22.72.179 country(826) region(529) city(13685) blacklist(0x0) reputation(5), domain(5) popularity(0) botnet(0) proto(6) port(80 443 5061)
2.22.72.179-2.22.72.179 country(826) region(529) city(13685) blacklist(0x0) reputation(5), domain(5) popularity(0) botnet(0) proto(17) port(3478-3481 50000-60000)

Apply the ISDB profile in the IPV4 Policy
- Go to Policy & Objects -> Firewall Policy, select 'Create New', ISDB Enable, apply the profile and select 'OK'.