Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
sreddi
Staff
Staff

Created on ‎11-21-2019 05:27 AM

Article Id 197042

Technical Tip: Geography Based Addressing (Version 5.4 and above)

Description
This article shows the option to add a geography based address scheme.

With this type of addressing, the geographic region or country can be indicated.
The FortiGate unit includes an internal list of countries and IPv4 IP addresses based on historical data from the FortiGuard network.

Solution
In the following examples, a geographic based address for China is added

Via CLI:
#config firewall address
edit China
set type geography
set country CN
set associated-interface wan1
end
Via GUI:

1) Go to  Policy & Objects -> Addresses. Select Create New and Address
2) Field Name, enter China
3) Field Type, select Geography
4) From the Country/Region list, select China
5) From Interface, select WAN1 or Any Interface
6) Select OK



After adding under security policies, the traffic (originating or going to a particular country) can be logged, blocked or a specific filtering can be applied.

Related Articles

Technical Tip: Geography Based Addressing (Version 5.0 and below)

4722
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.