We currently use Geoblocking to block access to external web servers
from "unfriendly countries." This works quite well. However, we still
receive a lot of malicious attacks from IPs from "friendly countries."
The majority of these IPs originate from...
Yes, I did fill out the entire rule. I believe the error, "Source
addresses/groups must have different IP versions than source Internet
Services" was related to the fact that I was trying to add VPN-Anonymous
to an existing DENY rule. I created a new...
We use a Netscaler to front the web servers now. So yes, we use "VIP,"
but on the Netscaler, not the Fortigate. The Netscalers are behind the
Fortigate. If I try to add the way you illustrate in your screenshot, I
receive a message "Source addresses/...
Looks like Fortinet used to have this option:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-block-incoming-traffic-from-anonymity/ta-p/194132?externalID=FD40199
The "Anonymous Proxy" option is no longer there.
Thanks. I would like a "Private VPN" object that Fortinet provides,
similar to the Geoblock Country object list, that Fortinet provides now.
This would allow us to block all access from Private VPN IPs; the list
would be updated as part of the regula...
