Checking IP Address in Fortigate Geography-based Filter list

If you have a website and want to restrict it's access only to some specific countries, Fortinet's geography-based filtering would be very handy in that situation. The geographic-based addresses allow you to indicate the country, and the traffic originating or going to this country is logged, blocked or specific filtering is applied. But there will also be a situation when you might want to know if specific subnet is included in a country list or not. The following handy command will help you in that situation.

#diagnose firewall ipgeo {country-list | ip-list | ip2country}

#diagnose firewall ipgeo ip-list India | grep 180.17


which gave the following output:

         180.178.0.0 - 180.178.31.255
         180.179.0.0 - 180.179.255.255
        72.8.180.176 - 72.8.180.187
         180.152.0.0 - 180.175.255.255
       180.178.192.0 - 180.178.255.255
       180.178.128.0 - 180.178.191.255


The result shows the IP ranges containing the exact match of 180.17 in any one of the octet.



Comments

Popular posts from this blog

Ansible-Playbook to display output of multiple show commands (using stdout_lines with Loop)

Filtering Routes in BGP using Route-maps and Prefix-list

Ansible-playbook for backing up running config of Cisco IOS

Ansible Playbook for Network OS Upgrade with pre and post checks

Cisco ASA Active/Active Failover Configuration

VMware NSX Traffic Flow — East-West & North-South

Export or Backup Azure Network Security Groups into CSV using PowerShell

Get Model Number and Serial number of Cisco devices using ios_facts module