Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
peter-supply
New Contributor

Created on ‎12-06-2024 09:03 AM

Blocking Private VPN IPs

We currently use Geoblocking to block access to external web servers from "unfriendly countries."  This works quite well.  However, we still receive a lot of malicious attacks from IPs from "friendly countries."  The majority of these IPs originate from private VPN providers.  Is there a way to block access from these IPs?  Thanks.

Labels:
528
0 Kudos
11 REPLIES 11
peter-supply
New Contributor

Created on ‎12-06-2024 11:09 AM

Yes, I did fill out the entire rule.  I believe the error, "Source addresses/groups must have different IP versions than source Internet Services" was related to the fact that I was trying to add VPN-Anonymous to an existing DENY rule.  I created a new DENY rule with just the VPN-Anonymous group in it, and I was able to save it.  However, when I connect to my NordVPN, I am able to access all of our external websites.  So the rule isn't triggering for some reason.

 

VPN Block.png

101
0 Kudos
Toshi_Esumi
SuperUser
SuperUser

Created on ‎12-06-2024 11:41 AM

Then you likely need to open a ticket at TAC and get it troubleshot. It's difficult to do that over this community thread "half-duplex" conversation without getting in your FGT.

Toshi

95
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.