- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SSL VPN and Geo IP addresses
Hi,
is it possible to restrict access to ssl vpn by means of Geo IP addresses (Fortios FW 5.2.6)? I couldn't find a way to do this.
Thanks and regards
Ueli
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Ueli,
Yes this is possible.
Go to [Policy & Objects].[Objects].[Addresses] in the GUI
Create a new address with the type Geography and select the required Country.
Save the Address
Then proceed to [VPN].[SSL].[Settings] in the GUI
Under connection settings select the radio button {Limit access to specific hosts} and select the address you created above. You can select multiple addresses in this list. Alternatively you can create an address group and reference that group in the SSL VPN settings.
Regards,
Craig
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Craig,
thanks a lot for your qick replay. Works like a charm!
Regards
Ueli
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is it possible to do this with an IPsec VPN? I tried setting the phase 2 selector remote IP range to change it from 0.0.0.0, but I can't use the Geography type address object I created for the US.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Could you do it via firewall-local in and use your defined GEO-firewall-address type?
I know it works for SSLvpn, ssh and https management. It should work for ipsec also.
Ken
PCNSE
NSE
StrongSwan
