Description | This article describes how to allow/block ISDB services on the basis of the GeoIP database. |
Scope | FortiGate 7.2.x. |
Solution |
If there is a requirement to block Zscaler connections based on GeoIP, note that Zscaler has multiple cloud servers based on GeoIP.
1) Go to Policy & Object -> Internet Service Database -> Internet Services, select 'Create New' -> Geographic Based Internet Services.
2) Type: Geographic Based. The predefined entry contains all the server IPs based on the destination.
3) It is possible to verify the IPs by checking View/Edit Entries.
Copy any of the listed IPs to confirm the GeoIP location, which should match India.
4) Go back and select 'IP Address Lookup'. Paste the IP and do the lookup.
It shows Mumbai, Maharashtra, India. In the lookup result, this IP is also listed under 'Amazon-AWS' and 'Amazon-AWS.EC2'.
5) Create a firewall policy to allow/block Zscaler cloud IPs of the India location.
This will block the connection between the client machine and the Zscaler Client Connector, which is connected to the Zscaler internet cloud.
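The same steps can be expressed in the FortiOS CLI. The following is an added example, not part of the original article: the object name, the interface names and the `<zscaler-isdb-id>` placeholder are assumptions and must be replaced with values from the target FortiGate.

```fortios
# Added example (not from the original article).
# Step 3/4 equivalent: confirm which ISDB entries a listed IP belongs to.
# <listed-ip> is one of the addresses shown under View/Edit Entries.
diagnose internet-service match root <listed-ip> 255.255.255.255

# Step 1/2 equivalent: geographic based internet service.
# "Zscaler-India" is a hypothetical object name.
config firewall internet-service-name
    edit "Zscaler-India"
        set type location
        # Placeholder: take the Zscaler service ID from the match output
        # above or from "set internet-service-id ?".
        set internet-service-id <zscaler-isdb-id>
        # 356 is the ISO 3166-1 numeric code for India; confirm it against
        # the list shown by "set country-id ?" on the device.
        set country-id 356
        # region-id and city-id are left at their defaults so the object
        # is scoped at country level, as in the GUI steps.
    next
end

# Step 5 equivalent: deny policy that uses the object as destination.
# "internal" and "wan1" are assumed interface names.
config firewall policy
    edit 0
        set name "Block-Zscaler-India"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set internet-service enable
        set internet-service-name "Zscaler-India"
        set schedule "always"
        set action deny
        set logtraffic all
    next
end
```

Place the deny policy above any broader allow policy for the same interfaces, because policies are evaluated top-down and the first match wins. With `logtraffic all`, denied sessions appear in the forward traffic log, which confirms the object matches the intended destinations.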
If the GeoIP is not updated, follow this related document: |
Copyright 2024 Fortinet, Inc. All Rights Reserved.