Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ipranger
Contributor

Since FortiOS7 address type geography is not possible anymore

Hello all, 

 

i i would like to add an countryblocker with type geography, the system did no allow that. The errormessage at the CMD is very strange.

Can not be geography address when it is a member of addrgrp used by ipsec_tunnel!

But this is a new object, so no member of anything. Is there anything that can be done? Is this a bug?

 

Very thanks and best Regards

Fortigate 60E v7.x (GA)

Fortigate 60E v7.x (GA)
5 REPLIES 5
lobstercreed
Valued Contributor

Interesting.  I have not jumped to 7.0 even at my home because of previous experiences with .0 releases.  I would guess this is a bug, and it'd help the rest of us out if you could open a support ticket for it.  :)

ipranger

lobstercreed wrote:

Interesting.  I have not jumped to 7.0 even at my home because of previous experiences with .0 releases.  I would guess this is a bug, and it'd help the rest of us out if you could open a support ticket for it.  :)

Created :) Now waiting...

Fortigate 60E v7.x (GA)

Fortigate 60E v7.x (GA)
emnoc
Esteemed Contributor III

I do not have any issue creating geo block

 

 

SOCPUPFGT02 (address) # edit USAnew entry 'USA' added SOCPUPFGT02 (USA) # set type geography  SOCPUPFGT02 (USA) # set country US SOCPUPFGT02 (USA) # end fortios7.0  I also tried in WebGUI alsoKen Felix

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
ipranger

Strange, maybe only in policy based mode? In any case, Fortinet probably sees things differently, and the whole thing goes to a senior engineer. It will be interesting.

Fortigate 60E v7.x (GA)

Fortigate 60E v7.x (GA)
ipranger

Support checked the whole thing and found out that for some reason only one S2S VPN blocks this.

It is sufficient to set the source and destination to all/all in VPN phase 2, and it is already possible to create geo addresses.

The Support was even able to verify this in the lab. Unfortunately, it is not clear why this happens.

Fortigate 60E v7.x (GA)

Fortigate 60E v7.x (GA)
Top Kudoed Authors