I have created a GEO blocking policy on top of the policies; I have blocked Russia specifically. But the following IP from Russia, 5.8.16.163, is not blocked as per the GEO blocking policy. I already enabled match-vip on this policy.
Please help me understand why Fortinet is not able to apply the geo block correctly.
There are two separate policy sets:
- Firewall Policy (config firewall policy)
- Local-in Policy (config firewall local-in-policy)
Firewall Policy handles traffic coming in one interface and going out another interface. Local-in Policy handles traffic that hits the FGT itself, like IPsec, SSL VPN, and the returns of other FGT-initiated traffic.
Did you put your GEO blocking policy in the local-in-policy? Or the firewall policy?
Toshi
It is a firewall policy; traffic coming from outside to inside.
Created on 11-30-2022 10:17 AM Edited on 11-30-2022 10:18 AM
So you're saying you have some VIP policies to allow outside parties to come through the FGT and be forwarded to internal servers like a Web server, FTP server, etc.
Then the traffic from Russia is actually hitting those internal servers, right?
You need to share the actual policy GUI or CLI by masking some proprietary info as well as the GEO address definition the policy is using.
Toshi
> So you're saying you have some VIP policies to allow outside parties to come through the FGT and be forwarded to internal servers like a Web server, FTP server, etc.
-- Yes, traffic from Russia is hitting the internal servers.
Created on 11-30-2022 10:30 AM Edited on 11-30-2022 03:16 PM
I found a KB for your situation. Did you follow this instruction?
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-block-VIP-access-using-GEO-Location...
<edit>
As described at the end of this KB, your deny policy is most likely missing "set match-vip enable" in CLI.
</edit>
Toshi
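The configuration the KB above describes, as an added example that is not from this thread or from the KB itself: a geography address for Russia, a deny policy using it with match-vip enabled, and that deny policy moved above the VIP allow policy. The interface names, the address object name and the policy IDs are assumptions.

```text
# Added example (not from the thread or the KB). Interface names, the
# address object name and the policy IDs are assumptions for illustration.

# 1. Geography address object matching source IPs geolocated to Russia
config firewall address
    edit "GEO-Russia"
        set type geography
        set country "RU"
    next
end

# 2. Deny policy. Without "set match-vip enable", a deny policy whose
#    dstaddr is "all" does not match sessions destined to a VIP, so the
#    VIP allow policy further down still forwards the traffic.
config firewall policy
    edit 50
        set name "Block-Russia-to-VIPs"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "GEO-Russia"
        set dstaddr "all"
        set action deny
        set schedule "always"
        set service "ALL"
        set match-vip enable
        set logtraffic all
    next
end

# 3. Policies are evaluated top-down, first match wins: the deny policy
#    must sit above the VIP allow policy (ID 10 assumed) or it is never hit.
config firewall policy
    move 50 before 10
end
```

With logtraffic enabled on the deny policy, a hit from the blocked country shows up in the forward traffic log with this policy's ID, which is the quickest way to confirm the block is actually being matched.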