Contributor
February 9, 2010
Question

Block China etc. Traffic

  • February 9, 2010
  • 4 replies
  • 5378 views
Hey, this is probably a stupid question but here goes... Does anyone know of an easy way to explicitly block all traffic originating from China? Actually, I would like to block traffic coming from every country in Asia... I am sick and tired of looking at all of the garbage traffic which comes from that area of the world. Now I have Chinese IP addresses trying to attack my Fortigate via the SSH admin constantly. Honestly - I think that all of Asia should be permanently disconnected from the internet... I guess that would be pretty extreme but I am seriously irritated, lol. I have a text file which contains all of the ip/netmask addresses for Asia. Is there any easy way to import them all into my Fortigate or do I have to manually enter every single one of them (which would be crazy)? Thanks!


    Carl_Wallmark
    New Member
    February 9, 2010
Hi, I agree with you there, you have a couple of choices: 1. Create a script that will import them from a text file. 2. Upload a bulk script from the GUI, but you will need to make a valid bulk config file and then it depends on what firmware you have. But first of all, check the matrix of maximum numbers of addresses from docs.fortinet.com; I don't think you will manage to upload every net from Asia, unless you can combine all addresses into big subnets ;)
    abelio
    SuperUser
    February 9, 2010
    Honestly - I think that all of Asia should be permanently disconnected from the internet...
    Maybe Fortinet's CEO Ken Xie will not be happy with that idea
    flppds
    New Member
    February 23, 2010
Sorry for the basic question: have you already set up a list of authorized IPs that can connect to your Fortinet as admin? I have changed the default 0.0.0.0/0 to my LAN address and a few public IP addresses that I trust, and no other can connect via ssh or https to my Fortinet...
    Contributor
    February 23, 2010
I just turned off all types of admin access on the WAN interface to deal with this. If I need to administer the device remotely I log into a server first. If it came to the point where I couldn't get into the network remotely because the device was actually down then I'd have to physically go to the office anyway... I still would like to be able to block all types of traffic originating from Asia. I really don't care what anyone thinks of me for that. I have read about some other UTM devices which have the capability built right into them to simply check off blocking regions of the world.
    billp
    New Member
    February 24, 2010
I know the Sidewinder can block entire countries/regions. They also maintain a blacklist of bad IPs. Fortinet doesn't take this approach directly but you can approximate the same function by using an address group and scripts, as stated earlier. I've found Notepad++ works well for editing the .conf file and to create a script from it. My guess is that Fortinet won't offer the "block a country" approach directly on their product since they sell so much overseas.
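The "script from a text file" approach that Carl and billp describe, as an added example that is not from the thread: it reads one CIDR per line, collapses adjacent and overlapping prefixes into larger subnets (to stay under the per-model address limit), and emits FortiGate CLI. The `config firewall address` / `set subnet` / `config firewall addrgrp` / `set member` syntax, the group name and the `blk-NNNN` object names are assumptions; check them against the CLI reference for your firmware before loading the script, then reference the group as the source in a deny policy.

```python
"""Turn a text file of CIDR ranges into a FortiGate address-group CLI script.

Added example, not code from the thread.  The FortiOS CLI syntax below is an
assumption about the firmware in use; verify it against the CLI reference.
"""
import ipaddress
from typing import List, Sequence

# Constructed sample input (documentation ranges), not real allocation data.
SAMPLE_RANGES = """\
# one CIDR per line; '#' starts a comment
203.0.113.0/25
203.0.113.128/25
198.51.100.0/24
192.0.2.0/24
192.0.2.0/26
"""


def parse_ranges(text: str) -> List[ipaddress.IPv4Network]:
    """Parse CIDR lines, ignoring blanks and comments; host bits are masked off."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets


def collapse(nets: Sequence[ipaddress.IPv4Network]) -> List[ipaddress.IPv4Network]:
    """Merge adjacent/overlapping prefixes so fewer address objects are needed."""
    return list(ipaddress.collapse_addresses(nets))


def to_fortigate_script(nets: Sequence[ipaddress.IPv4Network],
                        group_name: str = "blocked-ranges", prefix: str = "blk") -> str:
    """Emit address objects plus one address group containing all of them."""
    lines, names = ["config firewall address"], []
    for i, net in enumerate(nets, 1):
        name = f"{prefix}-{i:04d}"  # assumed naming scheme
        names.append(name)
        lines += [f'    edit "{name}"',
                  f"        set subnet {net.network_address} {net.netmask}",
                  "    next"]
    lines += ["end", "config firewall addrgrp", f'    edit "{group_name}"',
              "        set member " + " ".join(f'"{n}"' for n in names),
              "    next", "end"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(to_fortigate_script(collapse(parse_ranges(SAMPLE_RANGES))))
```

On the sample above the five input lines collapse to three /24 objects; feed the output to the CLI or the bulk-config upload rather than typing each object by hand.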
    abelio
    SuperUser
    February 24, 2010
    My guess is that Fortinet won't offer the "block a country" approach directly on their product since they sell so much overseas.
    I disagree with that; blocking a country's IPs could lead to a fake sensation of control or security; there are a lot of zombie IPs out there and many owners of those machines are not aware of it yet; if you detect that several IPs are allocated to ISPs, for example, belonging to my country, do you block every bit of traffic originating in Argentina? Another point is that IP<->country records are not fully updated and could lead to wrong blocks; several carriers or big ISPs with global presence allocate blocks following their own criteria. An example of that is the <country>.blackholes.us lists as a tactic to fight spam. Finally, you can do what you want with your firewall; blocking everything and allowing a few networks is your call. Regards,