Hi
We have noticed a large amount of attempts hitting our SSL VPN from 1 particular country. The attempts are coming from a variety of IP addresses but are listed as this one country. We want to block these attempts but our issue is that we have an office in that country. The users are in a shared office but use SSL VPN to connect to us. The shared office has a static IP.
Is there a way in Fortinet to create a group to block all IP addresses from this country except the 1 that we one that our users connect from?
Many thanks
Roy
Should work like that. Haven't tested it. This might also be a bit more insecure (not sure), because the check if the connection is allowed is done during authentication, and I believe when setting it globally that check is done before. Haven't tested that either.
Sorry, What should work like what?
Hello Roy,
You can limit access to specific hosts, Under SSL-VPN settings, choose limit access to specific hosts then add the address groups/countries that you want to allow access to sslvpn login.
I know how to add create the group to block a country but I want to allow 1 IP from that country and block all the rest. How do I do that?
With that condition, you need to use local-in-policy. Then you can do in the same way you would do with regular plolicies, like allowing one I with the first policy then block from anywhere else.
https://docs.fortinet.com/document/fortigate/7.4.5/administration-guide/363127/local-in-policy
Toshi
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.