bayuaw
New Contributor

Geo Blocking

Hello,

What if the admin is from the same country that applies geoblocking? Will that be a problem?

1 Solution
smaruvala
Staff

Hi,

- It should not be a problem, as we depend on local-in policies to restrict administrative access (HTTPS, PING, SSH, and others) at the interface level of the firewall.

- Usually security policies are between interfaces, say port1 to port2, so the management communication towards the firewall will not match.

- However, when you are configuring the geolocation block, make sure you don't have any policy which can block this communication.

- Make sure you have some kind of alternate access to the firewall when you make these changes, as a precautionary measure.

Regards,

Shiva

 


2 REPLIES
adimailig
Staff

@bayuaw

Are you implementing a restriction on administration access to the FortiGate from the Internet?
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Limit-administration-access-by-geography-l...

Or are you implementing GeoIP blocking for the traffic that is passing through the FortiGate going to the internal network?
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-block-by-country-or-geolocation/ta-...

If it is the first one, and the administrator IP is from a blocked country, then it will be blocked by the local-in-policy.



Best Regards,

Arnold Dimailig
TAC Engineer