mannemramesh
New Member
May 2, 2016
Solved

Block all traffic in or out from China

  • May 2, 2016
  • 1 reply
  • 10829 views

Hi Friends,

I am new to this forum. I have created a policy to block the traffic from China (and one of my remote location's IPs), as shown in the attached pic.

And I have moved the policy to top in the sequence.

I have tested from my remote location: I am able to access the firewall public IP and I am also able to access the VPN.

So this policy is not working.

Can anyone help me write a correct policy to block traffic from a particular subnet or country?

Thanks

Ramesh

Best answer by Nils
1 reply

Nils
New Member
May 2, 2016

Your policy is saying that you are not allowed to access your internal interface subnets from China.

When you access your firewall you access the WAN interface, not the internal.

If you want to limit access to login to your firewall you'll do that in the Administrator "trusted hosts".

To limit access to SSLVPN you have to create a rule "From WAN to ssl.root" and the source must be the China Networks and then deny.

mannemramesh
New Member
May 2, 2016

Hi Nils,

Thanks for your response. It worked.

Thanks

Ramesh

ede_pfau
SuperUser
SuperUser
May 2, 2016

In "Trusted Hosts", you can only specify a white list - hosts or subnets which you allow to access the management. If you want to set up a blacklist - addresses which you want to block - then you create a 'local-in' policy. Depending on the version of FortiOS, local-in policies are defined in the CLI only, or in the GUI.
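As an added example (not from this thread or from Fortinet's documentation), here is the FortiOS CLI form of the blacklist approach ede_pfau describes, combined with Nils's point that the management and SSL VPN listeners sit on the WAN interface: a geography address for China and a local-in policy that denies it on the WAN side. The interface name wan1, the policy ID, the service names and the custom SSL VPN port are assumptions; adjust them to the unit.

```fortios
# Assumed: WAN interface is wan1, SSL VPN listens on TCP 10443 (custom service below).
# Geography address: FortiOS resolves this against its country IP database.
config firewall address
    edit "geo-China"
        set type geography
        set country "CN"
    next
end

# Custom service for the SSL VPN listener port (assumed 10443).
config firewall service custom
    edit "SSLVPN-10443"
        set tcp-portrange 10443
    next
end

# Local-in policy: traffic destined to the FortiGate itself (management, SSL VPN),
# which a normal interface-to-interface firewall policy never sees.
# Note: this denies only the listed services; "Trusted Hosts" under the admin
# account still governs who may log in to the GUI/SSH.
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "geo-China"
        set dstaddr "all"
        set action deny
        set service "HTTPS" "SSH" "SSLVPN-10443"
        set schedule "always"
    next
end
```

After applying, verify with a client in the blocked region or by temporarily adding a test source address to the geography-independent deny, and watch the local-in traffic log for the deny entries before relying on it.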