Checking IP Address in Fortigate Geography-based Filter list

If you have a website and want to restrict it's access only to some specific countries, Fortinet's geography-based filtering would be very handy in that situation. The geographic-based addresses allow you to indicate the country, and the traffic originating or going to this country is logged, blocked or specific filtering is applied. But there will also be a situation when you might want to know if specific subnet is included in a country list or not. The following handy command will help you in that situation.

#diagnose firewall ipgeo {country-list | ip-list | ip2country}

#diagnose firewall ipgeo ip-list India | grep 180.17


which gave the following output:

         180.178.0.0 - 180.178.31.255
         180.179.0.0 - 180.179.255.255
        72.8.180.176 - 72.8.180.187
         180.152.0.0 - 180.175.255.255
       180.178.192.0 - 180.178.255.255
       180.178.128.0 - 180.178.191.255


The result shows the IP ranges containing the exact match of 180.17 in any one of the octet.



Comments

Popular posts from this blog

Filtering Routes in BGP using Route-maps and Prefix-list

Ansible-playbook for backing up running config of Cisco IOS

Ansible-Playbook to display output of multiple show commands (using stdout_lines with Loop)

Export or Backup Azure Virtual Networks or Subnet information into CSV using PowerShell

Ansible Playbook for Network OS Upgrade with pre and post checks

Export or Backup Azure Route Table into CSV using PowerShell

Cisco ASA Active/Active Failover Configuration

VMware NSX Traffic Flow — East-West & North-South

Get Model Number and Serial number of Cisco devices using ios_facts module

Download Visio Stencils for Network Topology