Checking IP Address in Fortigate Geography-based Filter list

If you have a website and want to restrict it's access only to some specific countries, Fortinet's geography-based filtering would be very handy in that situation. The geographic-based addresses allow you to indicate the country, and the traffic originating or going to this country is logged, blocked or specific filtering is applied. But there will also be a situation when you might want to know if specific subnet is included in a country list or not. The following handy command will help you in that situation.

#diagnose firewall ipgeo {country-list | ip-list | ip2country}

#diagnose firewall ipgeo ip-list India | grep 180.17

which gave the following output:
 - - - - - -

The result shows the IP ranges containing the exact match of 180.17 in any one of the octet.


Popular posts from this blog

Anyconnect SSL-Client VPN with Self-signed Certificate on Cisco ASA

Filtering Routes in BGP using Route-maps and Prefix-list

Open Shortest Path First (OSPF)

IKEv2 IPsec Site-to-Site VPN configuration on Cisco ASA 8.4(x)

IPsec VPN as a Backup for Point-to-Point Link using IP SLA

Border Gateway Protocol (BGP)

Cisco ASA Active/Active Failover Configuration

Bypassing Proxy Server in Google Chrome

Cisco ASA Active/Standby Failover Configuration