FortiGate
ssteo
Staff
Description
This article describes how to limit administrative access to the FortiGate by geographic location.

Solution
1) Go to Policy & Objects -> Addresses, select 'Create New' -> Address.

In this example, a new geography address for the country Vietnam is created.





2) The first local-in policy allows the country Vietnam to connect to the FortiGate via port1.
In this example, port1 is the WAN interface, which is publicly accessible from the internet.
# config firewall local-in-policy
    edit 0
        set intf port1
        set srcaddr Vietnam
        set dstaddr all
        set service ALL
        set schedule always
        set action accept
    end




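3) The second local-in policy blocks any country from connecting to the FortiGate via port1. In this example, port1 is the WAN interface, which is publicly accessible from the internet. No action is set in this policy, so it uses the default action, deny. Local-in policies are evaluated in order, so this policy must come after the accept policy for Vietnam.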
# config firewall local-in-policy
    edit 0
        set intf port1
        set srcaddr all
        set dstaddr all
        set service ALL
        set schedule always
    end




4) Now only source addresses in the country Vietnam can access the FortiGate from the internet.
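The whole procedure as one CLI script, as an added example that is not part of the original article. It assumes the address object is named Vietnam as in step 1 and that port1 is the WAN interface. Lines starting with # are comments, and the deny action is written out even though it is the default.

```fortios
# Step 1 from the CLI: geography address object for Vietnam (ISO country code VN)
config firewall address
    edit "Vietnam"
        set type geography
        set country "VN"
    next
end

# Steps 2 and 3: the accept policy is created first so it is evaluated first
config firewall local-in-policy
    # Allow sources that geolocate to Vietnam to reach the FortiGate on port1
    edit 0
        set intf "port1"
        set srcaddr "Vietnam"
        set dstaddr "all"
        set service "ALL"
        set schedule "always"
        set action accept
    next
    # Drop everything else arriving on port1 that is destined for the FortiGate itself
    edit 0
        set intf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        set schedule "always"
        set action deny
    next
end

# Check the result: the accept entry must be listed above the deny entry
show firewall local-in-policy
```

Keep a console or non-WAN management session open while applying this, because a wrong order or a mistyped address name locks out access on port1.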
