Help
FortiWeb
A FortiWeb can be configured to join a Security Fabric through the root or downstream FortiGate.
mtogo_FTNT
Staff
Staff

Created on ‎09-28-2016 07:49 PM Edited on ‎11-25-2021 01:37 AM By Community Manager

Article Id 195671

Technical Tip: FortiWeb CLI does not support 'config waf geo-block-list'

Description

FortiWeb has a function to protect Web servers against access from clients in certain countries based upon GEO IP profiles.  The function can be configured from the Web GUI  using Web Protection > Access > GEO IP.  However, the CLI does not support the configuration of a list in "waf geo-block-list".

This article explains why the CLI does not support "config waf geo-block-list".


Solution

"waf geo-block-list" holds multiple country-lists where it is possible to configure countries to be blocked based upon GEOIP but CLI fails to configure an entry for a country in a list at saving as follows.

Configuring an entry in a country-list is disabled by design because CLI is unable to validate the legitimacy of the user input.
(geo-block-list) # edit GEOIP-Example
(GEOIP-Example) # config country-list
(country-list) # edit 0
Add new entry '1' for node 5204
(1) # set country-name Afghanistan
(1) # end
Command fail. cmdb dont't save    }----Here
(GEOIP-Example) #
GOIP block policy must be configured from the Web GUI.
Labels:
1221
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.