Checking IP Address in Fortigate Geography-based Filter list

If you have a website and want to restrict it's access only to some specific countries, Fortinet's geography-based filtering would be very handy in that situation. The geographic-based addresses allow you to indicate the country, and the traffic originating or going to this country is logged, blocked or specific filtering is applied. But there will also be a situation when you might want to know if specific subnet is included in a country list or not. The following handy command will help you in that situation.

#diagnose firewall ipgeo {country-list | ip-list | ip2country}

#diagnose firewall ipgeo ip-list India | grep 180.17


which gave the following output:

         180.178.0.0 - 180.178.31.255
         180.179.0.0 - 180.179.255.255
        72.8.180.176 - 72.8.180.187
         180.152.0.0 - 180.175.255.255
       180.178.192.0 - 180.178.255.255
       180.178.128.0 - 180.178.191.255


The result shows the IP ranges containing the exact match of 180.17 in any one of the octet.



Comments

Popular posts from this blog

Specifying SSH port in Ansible Inventory

Ansible-Playbook to display output of multiple show commands (using stdout_lines with Loop)

Filtering Routes in BGP using Route-maps and Prefix-list

Ansible Playbook for Network OS Upgrade with pre and post checks

VMware NSX Traffic Flow — East-West & North-South

Bypassing Proxy Server in Google Chrome

Export or Backup Azure Network Security Groups into CSV using PowerShell

Ansible-playbook for backing up running config of Cisco IOS