Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
peter-supply
New Contributor II

Blocking Private VPN IPs

We currently use Geoblocking to block access to external web servers from "unfriendly countries."  This works quite well.  However, we still receive a lot of malicious attacks from IPs from "friendly countries."  The majority of these IPs originate from private VPN providers.  Is there a way to block access from these IPs?  Thanks.

11 REPLIES 11
peter-supply
New Contributor II

Yes, I did fill out the entire rule.  I believe the error, "Source addresses/groups must have different IP versions than source Internet Services" was related to the fact that I was trying to add VPN-Anonymous to an existing DENY rule.  I created a new DENY rule with just the VPN-Anonymous group in it, and I was able to save it.  However, when I connect to my NordVPN, I am able to access all of our external websites.  So the rule isn't triggering for some reason.

 

VPN Block.png

Toshi_Esumi
SuperUser
SuperUser

Then you likely need to open a ticket at TAC and get it troubleshot. It's difficult to do that over this community thread "half-duplex" conversation without getting in your FGT.

Toshi

Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors