Netscaler GeoIP with maxmind DB

GeoIP databases usually contain a mapping between subnets and the country they are from. Netscalers can use the information from an GeoIP DB in it’s policies (responder) and deny traffic for example from specific countries.
I’ve been using the Maxmind country DB which is free.

http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country-CSV.zip

First you need to download the zip file that contains the ip block files and the Country locations. As Netscalers expect the location file for GeoIP to be just one file you will need to convert the maxmind geoip to Netscaler format. To do this, Citrix published a perl script that does this for you:

https://github.com/citrix/MaxMind-GeoIP-Database-Conversion-Citrix-ADC-Format

After you’ve managed to convert it you can upload it to the Netscaler and put the location of the file in the Netscaler config :

add locationFile /var/geoip/Netscaler_Maxmind_GeoIP_DB_IPv4.csv

To automate the whole process i’ve found script and then i’ve managed to adapt it to what i’ve wanted. The result is below.

!#/bin/bash

dir="/opt/maxmind"
ns_user=nsroot
ns_pass=nsroot
netscalers=(10.10.10.1 10.10.10.2)
LOG=$dir/log/maxmind_netscaler.log
data_dir=$dir/data

log() {
    MSG=$1
    echo "`date` $MSG" | tee -a $LOG
}

function download_db {
  if [[ ! -d $data_dir ]]; then
   log "data directory '$data_dir' doesn't exist"
   exit 1
  fi

  cd $data_dir
  wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country-CSV.zip

  if [[ $? -ne 0 ]]; then
   log "Download failed, please try manually and check URL is still valid"
   exit 1
  else
    log "MaxMind DB successfully downloaded"
  fi

  unzip -j $data_dir/GeoLite2-Country-CSV.zip
  rm $data_dir/GeoLite2-Country-CSV.zip

}

function upload_db {
    orig_sum=`cksum $data_dir/GeoIPCountryWhois.csv | awk '{print $1}'`
  for ns in ${netscalers[@]}; do
    log "Starting upload to $ns "
    log "================================"
    exp $ns_pass scp $data_dir/Netscaler_Maxmind_GeoIP_DB_IPv4.csv $ns_user@$ns:/var/geoip
    sleep 10
    ns_sum=`exp $ns_pass ssh $ns_user@$ns 'cksum /var/geoip/Netscaler_Maxmind_GeoIP_DB_IPv4.csv' | awk '{print $1}'`
    exp $ns_pass ssh $ns_user@$ns "add locationFile /var/geoip/Netscaler_Maxmind_GeoIP_DB_IPv4.csv"
    sleep 5
    log "================================"
    log "Successfully uploaded to $ns"
    log "================================"
  done
}


function convert_db {

perl Convert_GeoIPDB_To_Netscaler_Format.pl -b GeoLite2-Country-Blocks-IPv4.csv -i  GeoLite2-Country-Blocks-IPv6.csv -l GeoLite2-Country-Locations-en.csv
gzip -d  Netscaler_Maxmind_GeoIP_DB_IPv4.csv.gz

}

function cleanup {

rm -f $data_dir/*.txt $data_dir/*.csv*

}

download_db
convert_db

log ""
log ""
log "=================================================="
log "Process to upload MaxMind DB to Netscalers started"
log "=================================================="
log ""


upload_db

log ""
log "===================================================="
log "Process to upload MaxMind DB to Netscalers completed"
log "===================================================="
log ""
log ""


cleanup

About the author

Mihai is a Network Aficionado with more than 10 years experience