- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Geo Blocking
Hello,
what if admin from the same country that apply geoblocking?Will that be a problem?
Solved! Go to Solution.
- Labels:
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
- It should not be a problem as we depend on Local-in-policies to restrict administrative access(HTTPS, PING, SSH, and others) in the interface level of the Firewall.
- Usually security policies are between the interfaces say port1 to port2. So the management communication towards the Firewall will not match.
- However when you are configuring the geo location block make sure you dont have any policy which can block this communication.
- Make sure you have some kind of alternate access to the firewall when you make this changes as a precautionary measure.
Regards,
Shiva
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
- It should not be a problem as we depend on Local-in-policies to restrict administrative access(HTTPS, PING, SSH, and others) in the interface level of the Firewall.
- Usually security policies are between the interfaces say port1 to port2. So the management communication towards the Firewall will not match.
- However when you are configuring the geo location block make sure you dont have any policy which can block this communication.
- Make sure you have some kind of alternate access to the firewall when you make this changes as a precautionary measure.
Regards,
Shiva
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@bayuaw
Are you implementing restriction on Administration access to Fortigate from Internet?
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Limit-administration-access-by-geography-l...
Or are you implementing GeoIP Blocking for the traffic that passing through the Fortigate going to Internal Network?
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-block-by-country-or-geolocation/ta-...
If it is the first one, if administrator IP is from block country then it is will be blocked by the local-in-policy.
Arnold Dimailig
TAC Engineer
