Hello,
what if admin from the same country that apply geoblocking?Will that be a problem?
Solved! Go to Solution.
Hi,
- It should not be a problem as we depend on Local-in-policies to restrict administrative access(HTTPS, PING, SSH, and others) in the interface level of the Firewall.
- Usually security policies are between the interfaces say port1 to port2. So the management communication towards the Firewall will not match.
- However when you are configuring the geo location block make sure you dont have any policy which can block this communication.
- Make sure you have some kind of alternate access to the firewall when you make this changes as a precautionary measure.
Regards,
Shiva
Hi,
- It should not be a problem as we depend on Local-in-policies to restrict administrative access(HTTPS, PING, SSH, and others) in the interface level of the Firewall.
- Usually security policies are between the interfaces say port1 to port2. So the management communication towards the Firewall will not match.
- However when you are configuring the geo location block make sure you dont have any policy which can block this communication.
- Make sure you have some kind of alternate access to the firewall when you make this changes as a precautionary measure.
Regards,
Shiva
@bayuaw
Are you implementing restriction on Administration access to Fortigate from Internet?
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Limit-administration-access-by-geography-l...
Or are you implementing GeoIP Blocking for the traffic that passing through the Fortigate going to Internal Network?
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-block-by-country-or-geolocation/ta-...
If it is the first one, if administrator IP is from block country then it is will be blocked by the local-in-policy.
User | Count |
---|---|
2056 | |
1173 | |
770 | |
448 | |
341 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.