sreddi
Staff
Article Id 197042

Description

 
This article describes how to add a geography-based address.
 
This type of address identifies a geographic region or country.
The FortiGate unit includes an internal list of countries and IPv4 addresses based on historical data from the FortiGuard network.
 
Scope
 
FortiGate version 5.4 and above.


Solution

 

In the following examples, a geographic-based address for China is added.

Via CLI:

 

config firewall address
    edit "China"
        set type geography
        set country "CN"
        set associated-interface "wan1"
    next
end

 

Via GUI:

 

  1. Go to Policy & Objects -> Addresses. Select Create New, then Address.
  2. In the Name field, enter China.
  3. In the Type field, select Geography.
  4. From the Country/Region list, select China.
  5. From the Interface list, select WAN1 or Any Interface.
  6. Select OK.

 


 

Once the address is used in a security policy, traffic originating from or going to that country can be logged, blocked, or subjected to specific filtering.
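
As an added example (not part of the original article), the following deny policy uses the China address object created above to block and log traffic arriving on wan1 from that country. The destination interface name internal, the policy name, and the use of edit 0 to take the next free policy ID are assumptions for illustration.

```fortios
config firewall policy
    edit 0
        set name "Block-from-China"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "China"
        set dstaddr "all"
        set action deny
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set comments "Example policy: dstintf internal is an assumed interface name"
    next
end
```

Policies are matched top-down, so this policy must sit above any accept policy that would match the same traffic.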
 
Diagnose command:

To show the IP range and the total IP range associated with the country:

 

diagnose firewall ipgeo "country id"

 

Related article:

Technical Tip: Geography Based Addressing (Version 5.0 and below)