Dear All,
With reference to the Geo location database, I have a few queries as follows:
1. I want to allow only a specific country for my business, excluding all others. What steps should be taken if public IPs are NATted to internal IPs (like virtual IP 192.168.99.1 - 10.1.1.1)?
2. How does the FortiGate firewall's Geo IP database actually stay up to date with the FortiGuard server globally?
3. What are the methods for it? For example, should I create a normal policy or a local policy?
4. How do I check in the logs whether the country which I have blocked is being blocked or not?
5. What is the update frequency of the Geo IP database?
Thank you in advance. I will be very happy if I get a response as early as possible.
Thank you
Fortigate learner.
Hello
Hello AEK,
As you said, why do you NAT a public IP to a private IP?
If we do not create NAT with the help of a virtual IP, how will the internal server be accessed from the outside world?
Hi Umesh
Yes, this is DNAT, and it NATs the destination IP, not the source IP.
Yes, that's correct as you have written.
Can you please guide me on how I can block malicious IPs from reaching our network? We have created DNAT.
Thank you.
Hi @Umesh
Yeah, you use Virtual IP objects to make NAT from outside to inside IPs.
Either one VIP per port you wanna map in, OR a VIP with all ports, and then open the ports you want open in Firewall Rules.
If you have few IPs that need many services, option 1 is best.
If you have enough public IPs, you can assign one public to each internal IP you like to map.
You should be able to see all traffic under Log & Report in your FortiGate.
The commented information is correct.
But what about blocking an IP or a particular group in a local policy from WAN to LAN?
In FG, Policy & Objects: Addresses:
Under Geography, create an Object for each of the countries you like to Allow or Deny:
Then combine them in an Address Group, and use that Group in a firewall rule to allow/deny traffic from that area.
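The steps above expressed as FortiOS CLI, as an added example that is not part of the original thread. It uses the 192.168.99.1 - 10.1.1.1 mapping from the question; the object names, the interfaces "wan1" and "internal", the country code and the HTTPS service are assumptions.

```fortios
# Constructed example: names, interfaces, country code and service are assumptions.
config firewall address
    edit "GEO-Allowed-1"
        set type geography
        set country "US"
    next
end
config firewall addrgrp
    edit "GEO-Allowed"
        set member "GEO-Allowed-1"
    next
end
# DNAT (VIP) from the thread's example: external 192.168.99.1 -> internal 10.1.1.1
config firewall vip
    edit "VIP-Server"
        set extintf "wan1"
        set extip 192.168.99.1
        set mappedip "10.1.1.1"
    next
end
config firewall policy
    # Allow only the geography group to reach the VIP.
    edit 0
        set name "Geo-Allow-to-VIP"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "GEO-Allowed"
        set dstaddr "VIP-Server"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set logtraffic all
    next
    # Explicit deny that names the VIP as destination, so blocked sources are logged.
    edit 0
        set name "Geo-Deny-to-VIP"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "VIP-Server"
        set action deny
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
```

The allow policy must sit above the deny policy in the sequence, since policies are evaluated top down. With `logtraffic all` on both, allowed and denied sessions to the VIP show up under Log & Report.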