FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article shows the configuration to protect a server from attacks from countries that user has no business with.


First, create an address object:

Go to Policy&Object -> addresses
Then select 'create' and 'new address'

Name: Choose a name
Type: Select 'Geography'
Country: Select the country to block

Do this for all the countries to block
Then, create a group for these countries that needs to be blocked.

Select 'create' and 'new address group'

The last thing to do is to create a policy.
Go to Policy & Object -> IPv4 Policy

Create a policy that block the traffic from the countries to the internal servers that needs to be protected.

Once this rule is created, the traffic from that countries will be blocked (this is to protect the server only, it does not block the internet).

Related Articles


Technical Note: How FortiGate can block Duolingo in different ways. Blocks web application.

Technical Note: Disconnecting a member from a cluster