This article describes how to configure a local-in policy that restricts SSH admin access, served on non-standard ports, to a specific country.
FortiOS, FortiGate.
Configuration example:
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "MEXICO"
        set dstaddr "all"
        set action accept
        set service "SSH_Admin"
        set schedule "always"
    next
end
config firewall local-in-policy
    edit 2
        set intf "wan2"
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set service "SSH_Admin"
        set schedule "always"
        set status enable
    next
end
date=2024-10-21 time=09:18:05 id=7428248532324188160 itime="2024-10-21 08:18:07" euid=3 epid=101 dsteuid=3 dstepid=101 logflag=3 logver=702091688 sfsid=0 type="traffic" subtype="local" level="notice" action="deny" policyid=2 sessionid=269970 srcip=186.114.XX.XX dstip=XXX.XXX.XXX.XXX srcport=55018 dstport=2246 trandisp="noop" duration=0 proto=6 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid=0001000014 service="SSH_Admin" app="Console Management(SSH)" appcat="unscanned" srcintfrole="wan" dstintfrole="undefined" policytype="local-in-policy" eventtime=1729523884801061949 crscore=5 craction=262144 crlevel="low" poluuid="bb4b84cc-8f72-51ef-52c5-4fe64a174580" srccountry="Colombia" dstcountry="Reserved" srcintf="wan2" dstintf="root" tz="-0600" devid="FWFxxxxxxxx1157" vd="root" csf="fabric" dtime="2024-10-21 09:18:05" itime_t=1729523887 devname="FGT-JoN"
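To check the policy from the log side, the following added example (not part of the original article or Fortinet tooling) parses local-in traffic logs in the key=value format shown above, counts denied SSH_Admin attempts per source country, and flags entries that contradict the intent. The function names, the constructed sample lines, and the assumption that the allowed country appears as srccountry="Mexico" are illustrative.

```python
import re
from collections import Counter

# key=value pairs; a value is either "quoted" (may contain spaces) or a bare token
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_log(line):
    """Turn one FortiGate key=value log line into a dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV.finditer(line)}

def audit_local_in(lines, service="SSH_Admin", allowed_country="Mexico"):
    """Count denies per source country and list entries that contradict the
    intent: allowed country denied, or any other country not denied."""
    denied, unexpected = Counter(), []
    for line in lines:
        rec = parse_log(line)
        if rec.get("policytype") != "local-in-policy" or rec.get("service") != service:
            continue  # not a local-in hit for the admin SSH service
        is_deny = rec.get("action") == "deny"
        from_allowed = rec.get("srccountry") == allowed_country
        if is_deny:
            denied[rec.get("srccountry", "unknown")] += 1
        if is_deny == from_allowed:
            unexpected.append((rec.get("srcip"), rec.get("srccountry"),
                               rec.get("srcintf"), rec.get("action")))
    return denied, unexpected

# Constructed sample lines (documentation IP ranges), cut down to the fields used.
COMMON = 'type="traffic" subtype="local" proto=6 dstport=2246 service="SSH_Admin" '
SAMPLE = [
    COMMON + 'action="deny" policyid=2 srcip=203.0.113.10 srcintf="wan2" '
             'app="Console Management(SSH)" policytype="local-in-policy" srccountry="Colombia"',
    COMMON + 'action="deny" policyid=2 srcip=203.0.113.77 srcintf="wan2" '
             'policytype="local-in-policy" srccountry="Colombia"',
    COMMON + 'action="accept" policyid=1 srcip=198.51.100.5 srcintf="wan1" '
             'policytype="local-in-policy" srccountry="Mexico"',
    # Allowed country arriving on wan2, where only the deny policy (edit 2) is bound
    COMMON + 'action="deny" policyid=2 srcip=198.51.100.7 srcintf="wan2" '
             'policytype="local-in-policy" srccountry="Mexico"',
    # Forward traffic, ignored by the audit
    'type="traffic" subtype="forward" action="accept" policyid=7 srcip=192.0.2.44 '
    'service="HTTPS" policytype="policy" srccountry="Reserved"',
]

if __name__ == "__main__":
    denied, unexpected = audit_local_in(SAMPLE)
    print(dict(denied))
    print(unexpected)
```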
Copyright 2025 Fortinet, Inc. All Rights Reserved.