Skip to main content
Dubos
Dubos
Explorer II
March 1, 2022
Solved

Editing the GeoIP database in FortiGate

  • March 1, 2022
  • 2 replies
  • 5284 views

I can create a GeoIP and select a country to distribute the rules to the region at once. But what if I want to add or exclude some addresses in this list? I have Fortigate-600D-LENC (that is, it is not connected to cloud services and auto-updates) and I have not found a way to view the database of addresses included in the GeoIP of a particular country.

Best answer by akristof

Hello,

 

Thank you for your question. You can manually override that specific IP range will belong to different country:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Commands-to-verify-GeoIP-information-and/ta-p/190341

 

Or other option is to do it with 2 firewall policies:

First firewall policy will allow traffic with specific ranges that you want to allow.

Second policy will block access based on GEO-IP addresses.

2 replies

amouawad
Staff
amouawad
Staff
March 1, 2022

Hi Daniil,

 

This article shows the commands: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Commands-to-verify-GeoIP-information-and/ta-p/190341

    akristof
    Staff
    akristofAnswer
    Staff
    March 1, 2022

    Hello,

     

    Thank you for your question. You can manually override that specific IP range will belong to different country:

    https://community.fortinet.com/t5/FortiGate/Technical-Tip-Commands-to-verify-GeoIP-information-and/ta-p/190341

     

    Or other option is to do it with 2 firewall policies:

    First firewall policy will allow traffic with specific ranges that you want to allow.

    Second policy will block access based on GEO-IP addresses.

      Dubos
      DubosAuthor
      Explorer II
      March 1, 2022

      Thank you, I think this is the maximum I can do in this situation. Of course, I have already figured out myself that you can add addresses to the policy manually, and without the ability to automatically determine the country of the address, it seems to me that it is easier to do this than using the console to specify the country.

      Terms & ConditionsAccessibility statement