FortiGate
ssteo
Staff
Article Id 190180

Description

 

This article describes how to limit administrative access to the FortiGate by geographic location.

 

Scope

 

FortiGate.

Solution

 

  1. Go to Policy & Objects -> Addresses, select 'Create New' -> Address.

    In this example, a new address of type Geography is created for the country Vietnam.


 
  1. The first local-in policy allows the country Vietnam to connect to the FortiGate via port1.
    In this example, port1 is a WAN interface that is publicly accessible from the internet.

    config firewall local-in-policy
        edit 0
            set intf port1
            set srcaddr Vietnam
            set dstaddr all
            set service ALL
            set schedule always
            set action accept
        next
    end


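  2. The second local-in policy blocks any country from connecting to the FortiGate via port1. Because it is created after the accept policy, it only applies to sources that the first policy did not match. In this example, port1 is a WAN interface that is publicly accessible from the internet.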

    config firewall local-in-policy
        edit 0
            set intf port1
            set srcaddr all
            set dstaddr all
            set service ALL
            set schedule always
            set action deny
        next
    end

  3. Now only source addresses in the country Vietnam can access the FortiGate from the internet.

    Note: Starting from FortiGate v7.6.0, the Local-in-Policy can also be configured in the GUI. For reference, see: Technical Tip: Creating a Local-In policy (IPv4 and IPv6) on GUI.
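
The procedure above only works when the accept policy sits before the deny-all policy on the same interface. The following check of that ordering against a configuration backup is an added example, not part of the original article or Fortinet's tooling. The function names and the sample configuration are assumptions made for illustration, and only interface, source address and action are compared (service, destination and negation settings are ignored).

```python
import shlex

# Constructed sample (abridged to the fields read below), as a backup shows it.
SAMPLE_CONFIG = """\
config firewall local-in-policy
    edit 1
        set intf "port1"
        set srcaddr "Vietnam"
        set action accept
    next
    edit 2
        set intf "port1"
        set srcaddr "all"
    next
end
"""

def parse_local_in(text):
    """Return local-in policies in file order; each 'set' value is a list."""
    policies, current, inside = [], None, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "config firewall local-in-policy":
            inside = True
        elif inside and line == "end":
            break
        elif inside and line.startswith("edit "):
            # FortiOS treats a local-in policy without 'set action' as deny.
            current = {"id": line.split()[1], "action": ["deny"]}
            policies.append(current)
        elif inside and current is not None and line.startswith("set "):
            _, key, value = line.split(None, 2)
            current[key] = shlex.split(value)
    return policies

def audit(policies, intf):
    """Walk policies top-down (first match wins) and list ordering problems."""
    findings, deny_all = [], False
    for p in policies:
        if not {intf, "any"} & set(p.get("intf", [])):
            continue
        src_all, accept = "all" in p.get("srcaddr", []), p["action"] == ["accept"]
        if accept and src_all:
            findings.append(f"policy {p['id']}: accepts any source")
        elif accept and deny_all:
            findings.append(f"policy {p['id']}: shadowed by earlier deny-all")
        elif not accept and src_all:
            deny_all = True
    if not deny_all:
        findings.append(f"{intf}: no deny-all policy, other sources are not blocked")
    return findings
```

An empty result from `audit(parse_local_in(config_text), "port1")` means the geography accept is reachable and a deny-all follows it; a "shadowed" finding means the permitted country would be blocked as well.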