SSL VPN and Geo IP addresses

fernet17 · ‎04-19-2016

Hi,

is it possible to restrict access to ssl vpn by means of Geo IP addresses (Fortios FW 5.2.6)? I couldn't find a way to do this.

Thanks and regards

Ueli

craigusza · ‎04-19-2016

Hi Ueli,

Yes this is possible.

Go to [Policy & Objects].[Objects].[Addresses] in the GUI

Create a new address with the type Geography and select the required Country.

Save the Address

Then proceed to [VPN].[SSL].[Settings] in the GUI

Under connection settings select the radio button {Limit access to specific hosts} and select the address you created above. You can select multiple addresses in this list. Alternatively you can create an address group and reference that group in the SSL VPN settings.

Regards,

Craig

fernet17 · ‎04-19-2016

Hello Craig,

thanks a lot for your qick replay. Works like a charm!

Regards

Ueli

FortiMess · ‎08-17-2017

Is it possible to do this with an IPsec VPN? I tried setting the phase 2 selector remote IP range to change it from 0.0.0.0, but I can't use the Geography type address object I created for the US.

emnoc · ‎08-17-2017

Could you do it via firewall-local in and use your defined GEO-firewall-address type?

I know it works for SSLvpn, ssh and https management. It should work for ipsec also.

Ken

PCNSE

NSE

StrongSwan

SSL VPN and Geo IP addresses

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website