Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
peter-supply
New Contributor II

Created on ‎12-06-2024 09:03 AM

Blocking Private VPN IPs

We currently use Geoblocking to block access to external web servers from "unfriendly countries."  This works quite well.  However, we still receive a lot of malicious attacks from IPs from "friendly countries."  The majority of these IPs originate from private VPN providers.  Is there a way to block access from these IPs?  Thanks.

Labels:
877
0 Kudos
11 REPLIES 11
peter-supply
New Contributor II

Created on ‎12-06-2024 11:09 AM

Yes, I did fill out the entire rule.  I believe the error, "Source addresses/groups must have different IP versions than source Internet Services" was related to the fact that I was trying to add VPN-Anonymous to an existing DENY rule.  I created a new DENY rule with just the VPN-Anonymous group in it, and I was able to save it.  However, when I connect to my NordVPN, I am able to access all of our external websites.  So the rule isn't triggering for some reason.

 

VPN Block.png

168
0 Kudos
Toshi_Esumi
SuperUser
SuperUser

Created on ‎12-06-2024 11:41 AM

Then you likely need to open a ticket at TAC and get it troubleshot. It's difficult to do that over this community thread "half-duplex" conversation without getting in your FGT.

Toshi

162
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.