Checking IP Address in Fortigate Geography-based Filter list

If you have a website and want to restrict it's access only to some specific countries, Fortinet's geography-based filtering would be very handy in that situation. The geographic-based addresses allow you to indicate the country, and the traffic originating or going to this country is logged, blocked or specific filtering is applied. But there will also be a situation when you might want to know if specific subnet is included in a country list or not. The following handy command will help you in that situation.

#diagnose firewall ipgeo {country-list | ip-list | ip2country}

#diagnose firewall ipgeo ip-list India | grep 180.17

which gave the following output:
 - - - - - -

The result shows the IP ranges containing the exact match of 180.17 in any one of the octet.


Popular posts from this blog

Specifying SSH port in Ansible Inventory

Ansible-Playbook to display output of multiple show commands (using stdout_lines with Loop)

Filtering Routes in BGP using Route-maps and Prefix-list

Ansible Playbook for Network OS Upgrade with pre and post checks

VMware NSX Traffic Flow — East-West & North-South

Bypassing Proxy Server in Google Chrome

Export or Backup Azure Network Security Groups into CSV using PowerShell

Ansible-playbook for backing up running config of Cisco IOS