Skip to main content
dschak
dschak
New Member
December 10, 2021
Question

Whitelist Countries for VPN Access

  • December 10, 2021
  • 4 replies
  • 8252 views

How in the FortiGate GUI interface, can I configure white listed counties.

 

Under Policies & Objects -> Addresses I have created my allowable counties using Type = Geography and I have my 5 countries.

In the same place I have created a group called Whitelisted Counties and added the 5 countries.

 

Where do I now add this address group and what settings do I need to change to make this work?

 

Preferably through the GUI rather than the CLI.

#fortigate - firmware v6.4

4 replies

Toshi_Esumi
SuperUser
Toshi_Esumi
SuperUser
December 10, 2021

A simple internet search found this KB.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Restrict-VPN-access-to-certain-countries/ta-p/192328?externalID=FD45208

dschak
dschakAuthor
New Member
December 10, 2021

Hi Toshi,

 

I did read that KB but was hoping that there would be a way of doing this via the GUI rather than the CLI.

Toshi_Esumi
SuperUser
Toshi_Esumi
SuperUser
December 10, 2021

I think local-in-policy config is available only via CLI. It's not so difficult.

pavankr5
Staff
pavankr5
Staff
July 21, 2023

Hello 
Please check this article for SSL VPN connectivity from certain countries using firewall geography addresses 
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Restricting-SSL-VPN-connectivity-from-certain/ta-p/191997


Thanks

waqar11
waqar11
New Member
July 21, 2023

To configure whitelisted countries in the FortiGate GUI interface, follow these steps:

  1. Log in to the FortiGate GUI.
  2. Go to "Security Profiles" and select "Geolocation."
  3. Click on "Create New" to add a new geolocation filter.
  4. Choose "Countries" and select the desired countries you want to whitelist.
  5. Save your settings, and the specified countries will be whitelisted on your FortiGate firewall.
galilio
galilio
New Member
July 21, 2023

Copy the rule that has the GeoIP settings. Modify the copied rule to get rid of the GeoIP settings and set the source/destination for how you want it. Then make sure it's set higher than the rule with the GeoIP active.

Terms & ConditionsAccessibility statement