NetScaler Responder with geoIP Check Does Not Work After Upgrade

Article ID: CTX219333

Description

The customer was using the Maxmind GeoIP-142_20140402 geolocation database on a NetScaler appliance. After updating to Maxmind GeoIP-142_20150804, the block/allow responder rule no longer works as expected.

add responder policy rspol_reset_by_country "CIS.EQUALS_ANY(\"NOT_RESET_IPs\").NOT && CLIENT.IP.SRC.MATCHES_LOCATION(\"*.TR.*.*.*.*\").NOT && CLIENT.IP.SRC.MATCHES_LOCATION(\"*.US.*.*.*.*\").NOT && CLIENT.IP.SRC.MATCHES_LOCATION(\"*.DE.*.*.*.*\").NOT && CLIENT.IP.SRC.MATCHES_LOCATION(\"*.ES.*.*.*.*\").NOT" RESET

During troubleshooting, looking up the client IP address with the nsmap command on the NetScaler shell returned TR, yet a RESET response was still received. With the above configuration, no RST should be sent for that address.

Resolution

The issue was resolved after truncating the ISP names to 30 characters.


Problem Cause

We tested the database files in the lab and reproduced the problem with the new database. The policy fails because, in the new DB (GeoIP-142_20150804), the ISP entry's length exceeds 32.
"213.x.x.0","213.y.y.255","TR","Example1 Example1 example3 net"

In the older DB, GeoIP-142_20140401, the entry for the same is:
"213.x.x.0","213.y.y.255","TR","Example1 Example1 example3 org"

We also tested the Responder policy with the new DB, GeoIP-142_20150804, against entries whose ISP length does not exceed 32, and it works correctly for those.

Currently, only ISP strings of at most 32 bytes are supported. Entries longer than 32 bytes/characters must be modified.
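A pre-import check for the condition described above, as an added example (not Citrix's code): it scans a location CSV for ISP fields longer than 32 bytes and shortens them to 30, as in the Resolution. The four-column layout, the latin-1 encoding, the function names and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

MAX_ISP_BYTES = 32   # limit stated in the article
TRUNCATE_TO = 30     # length used in the article's resolution
ISP_COLUMN = 3       # assumed layout: start IP, end IP, country, ISP

def truncate_bytes(text, limit, encoding):
    """Cut text to at most `limit` encoded bytes without splitting a character."""
    raw = text.encode(encoding)
    if len(raw) <= limit:
        return text
    # errors="ignore" drops a trailing partial multi-byte character, if any.
    return raw[:limit].decode(encoding, errors="ignore").rstrip()

def fix_isp_fields(src, dst, encoding="latin-1"):
    """Copy CSV rows from src to dst, shortening over-long ISP names.

    Returns a list of (line_number, original_isp, new_isp) for changed rows,
    so the changes can be reviewed before the file is loaded on the appliance.
    """
    changed = []
    writer = csv.writer(dst, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for lineno, row in enumerate(csv.reader(src), start=1):
        if len(row) > ISP_COLUMN:
            isp = row[ISP_COLUMN]
            if len(isp.encode(encoding)) > MAX_ISP_BYTES:
                row[ISP_COLUMN] = truncate_bytes(isp, TRUNCATE_TO, encoding)
                changed.append((lineno, isp, row[ISP_COLUMN]))
        writer.writerow(row)
    return changed

# Constructed sample rows: documentation IP ranges and made-up ISP names.
# Row 2 is 39 bytes (too long); row 3 is exactly 32 bytes (still allowed).
SAMPLE = (
    '"192.0.2.0","192.0.2.255","TR","Example Short Net"\n'
    '"198.51.100.0","198.51.100.255","TR","Example Very Long Provider Name Telekom"\n'
    '"203.0.113.0","203.0.113.255","DE","' + "B" * 32 + '"\n'
)

if __name__ == "__main__":
    out = io.StringIO()
    for lineno, old, new in fix_isp_fields(io.StringIO(SAMPLE), out):
        print(f"line {lineno}: {old!r} -> {new!r}")
    print(out.getvalue(), end="")
```

For a real database file, open the input and output with `newline=""` and the file's actual encoding, and review the returned change list before loading the rewritten file.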
