FortiWeb has a function to protect Web servers against access from clients in certain countries based upon GEO IP profiles. The function can be configured from the Web GUI using Web Protection > Access > GEO IP. However, the CLI does not support the configuration of a list in "waf geo-block-list".
This article explains why the CLI does not support "config waf geo-block-list".
"waf geo-block-list" holds multiple country-lists where it is possible to configure countries to be blocked based upon GEOIP but CLI fails to configure an entry for a country in a list at saving as follows.
Configuring an entry in a country-list is disabled by design because CLI is unable to validate the legitimacy of the user input.
(geo-block-list) # edit GEOIP-Example (GEOIP-Example) # config country-list (country-list) # edit 0 Add new entry '1' for node 5204 (1) # set country-name Afghanistan (1) # end Command fail. cmdb dont't save }----Here (GEOIP-Example) #
GOIP block policy must be configured from the Web GUI.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.