I have thousands of IPs trying to access my FortiGate using RDP, some from China, Russia, USA. How can I bulk block the IPs and only allow just a few that I know to access RDP?
The end user will connect via RDP to an external (WAN) IP address to access the internal (LAN) host with a customized RDP port. The standard RDP port is 3389.
While configuring the RDP policy, in the Source you can add only the specific IPs which you want to allow.
Please refer to the below document:
I understand that you are facing an issue with multiple IPs trying to access your FortiGate device using RDP, and that those IPs are from China, Russia and USA locations.
You want to allow traffic from only some specific IPs. You can do this by allowing only the specific public IPs in the source of the policy.
You can also allow/block specific geolocations from accessing the RDP devices; you can refer to the KB below for the same. Hope it helps.
GEO IP - Blocklisting & whitelisting countries & regions: https://docs.fortinet.com/document/fortiweb/7.2.3/administration-guide/226257/geo-ip-blocklisting-wh...
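The source-restricted RDP policy that both answers describe, written out as FortiOS CLI. This is an added example, not part of the original thread; the object names, the interface names (`wan1`, `internal`), the external port 33890 and every address (documentation ranges and a private LAN host) are assumed placeholders.

```fortios
# Constructed example: all names, ports and addresses are placeholders.
# Address objects for the few known client IPs allowed to use RDP.
config firewall address
    edit "RDP-Client-1"
        set subnet 198.51.100.10 255.255.255.255
    next
    edit "RDP-Client-2"
        set subnet 198.51.100.24 255.255.255.255
    next
end

# Group them so the policy references a single object.
config firewall addrgrp
    edit "RDP-Allowed"
        set member "RDP-Client-1" "RDP-Client-2"
    next
end

# VIP: customized external port forwarded to the internal host's 3389.
config firewall vip
    edit "RDP-VIP"
        set extintf "wan1"
        set extip 203.0.113.5
        set mappedip "192.168.1.10"
        set portforward enable
        set protocol tcp
        set extport 33890
        set mappedport 3389
    next
end

# Policy: the exposed form has 'set srcaddr "all"'; here only the
# allowlist group may reach the VIP.
config firewall policy
    edit 0
        set name "RDP-allowlist"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "RDP-Allowed"
        set dstaddr "RDP-VIP"
        set service "RDP"
        set schedule "always"
        set action accept
        set logtraffic all
    next
end
```

Sources outside `RDP-Allowed` match no accept policy and fall through to the implicit deny, so no per-IP block list is required. Any older policy that still has `all` as the source for this VIP has to be removed or disabled for the restriction to take effect.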
Copyright 2023 Fortinet, Inc. All Rights Reserved.