Description
FortiWeb has a function to protect Web servers against access from clients in certain countries based upon GEO IP profiles. The function can be configured from the Web GUI using Web Protection > Access > GEO IP. However, the CLI does not support the configuration of a list in "waf geo-block-list".
This article explains why the CLI does not support "config waf geo-block-list".
Solution
"waf geo-block-list" holds multiple country-lists where it is possible to configure countries to be blocked based upon GEOIP but CLI fails to configure an entry for a country in a list at saving as follows.
Configuring an entry in a country-list is disabled by design because CLI is unable to validate the legitimacy of the user input.
(geo-block-list) # edit GEOIP-Example
(GEOIP-Example) # config country-list
(country-list) # edit 0
Add new entry '1' for node 5204
(1) # set country-name Afghanistan
(1) # end
Command fail. cmdb dont't save }----Here
(GEOIP-Example) #
GOIP block policy must be configured from the Web GUI.
