Re: IpToCountry.csv vs Ip2Country.csv difference?

VENKAT_S_P · ‎2019-08-11

What is the difference between IpToCountry.csv vs Ip2Country.csv? I found a sk120261 but its not clear.

The default present in customer folder is IpToCountry.csv and even file dowloaded is IpToCountry.csv.gz. Do this file needs to be renamed to Ip2Country.csv?

My another question is does this requires a mdsstop/mdsstart?

Timothy_Hall · ‎2019-08-11

The only reference I'm seeing to a file called ip2country.csv is in the cpsemd daemon which handles SmartEvent logging, but that file is not referenced anywhere else in the firewall code that I can seem to find. So my guess is that the ip2country.csv is perhaps a copy of the original IpToCountry.csv file (which is actively used by the Geo Protection feature) used for adding Geo country information to logs displayed by SmartEvent?

New Book: "Max Power 2026" Coming Soon
Check Point Firewall Performance Optimization

PhoneBoy · ‎2019-08-11

If I'm reading the SK correctly, IpToCountry.csv is just what gets downloaded and is to differentiate it from the active Ip2Country.csv file.

VENKAT_S_P · ‎2019-08-12

So Ip2Country.csv is the real file that is used? The confusion is that when i install Multi-domain on the VM, i see only IpToCountry.csv as initial file.

PhoneBoy · ‎2019-08-12

That's the way I read the SK.
In any case, if everything is working, I wouldn't mess with the file. 😁

VENKAT_S_P · ‎2019-08-14

how do i download this file using the curl_cli. on MDS we do not have wget/curl so using curl_cli.

I get error when i use this command:

/opt/CPsuite-R80/fw1/bin/curl_cli --proxy x.x.x.x:yyyy -v https://sc1.checkpoint.com/freud/IpToCountry.csv.gz --cacert $CPDIR/conf/ca-bundle.crt

But even I tried without proxy in someother i get the same results.

/opt/CPsuite-R80/fw1/bin/curl_cli -v https://sc1.checkpoint.com/freud/IpToCountry.csv.gz --cacert $CPDIR/conf/ca-bundle.crt

I see all connected and when the download is about to begin - i see junk characters.

< HTTP/1.1 200 OK < Accept-Ranges: bytes < Content-Type: application/x-gzip < ETag: "" < Last-Modified: Thu, 08 Aug 2019 10:14:17 GMT < Server: AkamaiNetStorage < Content-Length: 1840827 < Cache-Control: max-age=604800 < Date: Mon, 12 Aug 2019 16:16:00 GMT < Connection: keep-alive < ‹ùõK] IpToCountry.csv ¬ý]“\·Ñ-ÞOÄü†¯ß‰S{o|^’4-Q$%š¤äcOÌEIêGê#²[O“´ôë™øX¥ÇµP…mD8J³W"w"L$‰?-Î{¿.îOÿÏŸ´iü’š·Ç»cúYëê×Ã!µ«?oå÷óÇOÇ÷·Ç?ý¿ÿ_µaÝâyO¿–Ÿ/õ÷çÛ»«9p\Ý6Þ{B™L ,ÛBØ'½¢°¬9øóà¯^ë€¿:þz¼«à„7Ç¾;nî¿;bä»Ï÷¬ˆüÍÁ¬Þ’o~÷¥þ<–ßŸ·ïw?¼€Ö‚ßì³Ïs®ˆPÁ;FLQ…{—Íõ.ˆ¬Á[»¡¹%Äš…a ä»©Ü >ìçŠpLU%öí[éüÛ»ÛO7?>zûéøéæc#R6&Ô ‚(ø-ÍÔÑÏœ?l¢ñ+Â*Ø-„sª6å2´b#J›:r~9˜IïìÓ3(wžˆ™ÞYµË4¿{ rþµþüY~ï~¬Ÿˆ,ôÍ‰F>[yuõ‰ëÉg¿ú»þˆÐ_ßûX;W+x;6U3¢·8jX2*ËÍ8»"7Ò» ²ÜL

Ref#sk83520

PhoneBoy · ‎2019-08-14

curl is attempting to render a gzip file.
You should be able to do something like the following to download it to an uncompressed csv file:
curl_cli https://sc1.checkpoint.com/freud/IpToCountry.csv.gz --cacert $CPDIR/conf/ca-bundle.crt | gunzip > IpToCountry.csv

VENKAT_S_P · ‎2019-08-15

gunzip gave an error:

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.

gunzip: stdin: unexpected end of file

But this one worked for me [per CP support]

/opt/CPsuite-R80/fw1/bin/curl_cli --proxy x.x.x.x:yyy -k https://sc1.checkpoint.com/freud/IpToCountry.csv.gz --output /home/IpToCountry.csv.gz

Thank you.

Are you a member of CheckMates?

IpToCountry.csv vs Ip2Country.csv difference?