Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Summer Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiGate CNF Getting Started Resources
- Fortinet Community
- Community Groups
- FortiGate CNF (All Marketplaces)
- Getting Started Resources
- Re: Allow Specific Subnet from Geo-Blocked Country
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Allow Specific Subnet from Geo-Blocked Country
We have an issue allowing a specific subnet from a blocked country. We have a geo-block country firewall policy placed at the top. We have also created an IPsec tunnel with inbound and outbound policies for tunnel communication. However, the remote IP address is a public IPv4 address that belongs to one of the blocked countries.
So how can we allow this subnet. Please suggest the all possible ways.
FortiGate
FortiGate
FortiGate
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
create an object with that ip/subnet/range and then create a firewall rule allowing access by placing it above the deny rule.
"jack of all trades, master of none"
"jack of all trades, master of none"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If I’m correct, a new policy needs to be created above the existing deny policy.
I have a couple of questions:
How should I define the source interface (srcintf) and destination interface (dstintf), as well as the source and destination addresses in the new policy
I already have a customized policy for the IPsec VPN connection, but it is placed below the deny policy.
If I make these changes, will the traffic flow through the new policy? or the existing vpn policy?
Announcements
Welcome to your new Fortinet Community!
You'll find your previous forum posts under "Forums"
Labels
-
FortiGate
1 -
FortiClient
1 -
pppoe
1 -
IPv6
1 -
FortiClient EMS
1 -
Cloud Security
1 -
VLAN
1 -
FortiGate 7.6.0
1 -
Fortigate script
1 -
1.
1 -
fortigate cnf
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.