troubleshooting Question

Fortigate fw - geo blocking everything but U.S.

Avatar of Steve Bantz
Steve BantzFlag for United States of America asked on
Hardware Firewalls
5 Comments1 Solution163 ViewsLast Modified:
We are currently using a Fortigate 100F with firmware v6.2.2 build 6083.  We recently upgraded from an older 200B that is end-of-life soon. To geo-block countries in the past, we had added an Address object named "Country Block - Countryname" and set a type of geography to it.  We then added this address to an Address Group named Country Block that is contained in the existing IPV4 policy that blocks incoming traffic from the outside-zone.

With the latest build of 6.2.2, is there a more efficient way of doing this?  Also and perhaps more importantly, we are considering blocking everything but US sources and I am curious what the recommended course of action is to do this efficiently.  We don't have public-facing servers and I am just looking to harden intrusion prevention.  I realize this isn't a silver bullet but anything I can do to lessen exposure to risk is desired.

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 5 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 5 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros