Configure automatic updates for the geolocation database

By default, the Gateways preinstalled geolocation database (GeoIP) will not be updated automatically. Because geolocation information may change over time, we recommend configuring automatic updates.

  • The preinstalled GeoIP database depends on the installed Airlock Gateway release:
  • Airlock Gateway 7.0–7.4 uses GeoLite2 data created by MaxMind.
  • Airlock Gateway 7.5 and later uses IP to City Lite data created by DB-IP.

Every Gateway release itself includes the latest set GeoIP data.

GeoLite2 and IP to City Lite by comparison

The latest MaxMind End User License Agreement (EULA) for GeoLite2 stipulates regular database updates every 30 days while IP to City Lite by DP-IP does not.

Since Airlock Gateway does not have automatic updates enabled by default, we have chosen IP to City Lite as the standard for Airlock Gateway 7.5 and later.

However, Gateway 7.5 still comes with the MaxMind update tool (update-settings.sh) installed. When enabling GeoIP updates in Gateway 7.5, the GeoLite2 database will replace IP to City Lite.

Procedure-related prerequisites

  • Geolocation filtering is configured.
  • You need to be logged in as root on the Airlock Gateway console.
  • A login account must be registered with MaxMind, the provider of the geolocation data.
  • Before enabling automatic database updates, you need to create a MaxMind account and accept the GeoLite2 End User License Agreement.
  • A MaxMind account ID and license key must be available.

Enable automatic updates of geolocation data for GeoLite2

  1. Create a local copy of the MaxMind update configuration:
    2. copy
    cp /opt/airlock/maxminddb/etc/GeoIP.conf /opt/airlock/custom-settings/maxminddb/GeoIP.conf
  2. Open the newly created GeoIP.conf with vim editor:
    3. copy
    vim /opt/airlock/custom-settings/maxminddb/GeoIP.conf
  3. Add the MaxMind account ID and license key.
    4. copy
    AccountID <your account id> 
LicenseKey <your license key>​​​ 
​EditionIDs GeoLite2-City

    Save the changes and close the editor.

  4. Open the update-settings.sh with vim editor:
    5. copy
    vim /opt/airlock/custom-settings/maxminddb/update-settings.sh
  5. Enable the automatic update functionality:
    6. copy
    GEOIP_UPDATE_ENABLED="yes"​​​​​​ 
GEOIP_UPDATE_CONFIG_FILE="/opt/airlock/custom-settings/maxminddb/GeoIP.conf"

    Save the changes and close the editor.

  6. With GEOIP_UPDATE_ENABLED="yes", a cronjob updates the database on a weekly basis.

    7. The database can only be updated if Airlock Gateway has access to a DNS server and is able to connect to https://updates.maxmind.com.

  7. Start the initial update process manually:
    8. copy
    /opt/airlock/maxminddb/bin/update.sh
  8. Check log messages for the update status:
    • -On success, a message with log_id "SY-GEOIP-UPDATE-200" is logged.
    • -On failure, a message with log_id "SY-GEOIP-UPDATE-500" is logged, providing more information about the error.