config load-balance geoip-list
Use this command to configure the Geo IP address block list.
The FortiGuard Geo IP service provides a database that maps IP addresses to countries, satellite providers, and anonymous proxies. The database is updated periodically.
The Geo IP block list is a policy that takes the action you specify when the virtual server receives requests from IP addresses in the blocked country’s IP address space.
For Layer 4 virtual servers, FortiADC blocks access when the first TCP SYN packet arrives. For Layer 7 virtual servers, FortiADC blocks access after the handshake, allowing it to redirect the traffic if you have configured it to do so.
Basic Steps
1. Configure the connection to FortiGuard so the system can receive periodic Geo IP Database updates.
2. Create rules to block traffic from locations.
3. Maintain a whitelist to allow traffic from specified subnets even if they belong to the address space blocked by the Geo IP block list.
4. Select the Geo IP block list and whitelist in the profiles you associate with virtual servers.
Before you begin:
• You must have read-write permission for load balancing settings.
Syntax
config load-balance geoip-list
edit <name>
set action {deny | pass | redirect | send-403-forbidden}
set log {enable|disable}
set severity {high | low | medium}
set status {enable|disable}
config geoip-member
edit <No.>
set country <country-code>
next
next
end
action | • Pass • Deny • Redirect (you can specify a redirect URL in the virtual server configuration) • Send 403 Forbidden Note: Layer 4 and TCPS virtual servers do not support Redirect or Send 403 Forbidden. If you apply a configuration that uses these options to a Layer 4 or TCPS virtual server, FortiADC logs the action as Redirect or Send 403 Forbidden, but in fact denies the traffic. |
log | Enable/disable logging. |
severity | The severity to apply to the event. Severity is useful when you filter and sort logs: • low • medium • high |
status | Enable/disable the list. |
config geoip-member |
country | Specify a geolocation object. Type ? to see a list. The list includes countries as well as selections for anonymous proxies and satellite providers. |
Example
FortiADC-VM # config load-balance geoip-list
FortiADC-VM (geoip-list) # edit demo
Add new entry 'demo' for node 2883
FortiADC-VM (demo) # get
log : disable
action : deny
severity : low
status : enable
FortiADC-VM (demo) # set log enable
FortiADC-VM (demo) # set severity high
FortiADC-VM (demo) # config geoip-member
FortiADC-VM (geoip-member) # edit 1
Add new entry '1' for node 2888
FortiADC-VM (1) # set country ?
<datasource> country name.
Reserved system.geoip-override
"Anonymous Proxy" system.geoip-override
"Satellite Provider" system.geoip-override
"Other Country" system.geoip-override
Andorra system.geoip-override
"United Arab Emirates" system.geoip-override
Afghanistan system.geoip-override
"Antigua and Barbuda" system.geoip-override
Anguilla system.geoip-override
Albania system.geoip-override
Armenia system.geoip-override
"Netherlands Antilles" system.geoip-override
Angola system.geoip-override
"Asia/Pacific Region" system.geoip-override
Antarctica system.geoip-override
Argentina system.geoip-override
"American Samoa" system.geoip-override
Austria system.geoip-override
Australia system.geoip-override
Aruba system.geoip-override
"Aland Islands" system.geoip-override
Azerbaijan system.geoip-override
"Bosnia and Herzegovina" system.geoip-override
Barbados system.geoip-override
Bangladesh system.geoip-override
Belgium system.geoip-override
"Burkina Faso" system.geoip-override
Bulgaria system.geoip-override
Bahrain system.geoip-override
Burundi system.geoip-override
Benin system.geoip-override
"Saint Bartelemey" system.geoip-override
Bermuda system.geoip-override
"Brunei Darussalam" system.geoip-override
Bolivia system.geoip-override
"Bonaire, Saint Eustatius and Saba" system.geoip-override
Brazil system.geoip-override
Bahamas system.geoip-override
Bhutan system.geoip-override
"Bouvet Island" system.geoip-override
Botswana system.geoip-override
Belarus system.geoip-override
Belize system.geoip-override
Canada system.geoip-override
"Cocos (Keeling) Islands" system.geoip-override
"Congo, The Democratic Republic of the" system.geoip-override
"Central African Republic" system.geoip-override
Congo system.geoip-override
Switzerland system.geoip-override
"Cote d\'Ivoire" system.geoip-override
"Cook Islands" system.geoip-override
Chile system.geoip-override
Cameroon system.geoip-override
China system.geoip-override
Colombia system.geoip-override
"Costa Rica" system.geoip-override
Cuba system.geoip-override
"Cape Verde" system.geoip-override
Curacao system.geoip-override
"Christmas Island" system.geoip-override
Cyprus system.geoip-override
"Czech Republic" system.geoip-override
Germany system.geoip-override
Djibouti system.geoip-override
Denmark system.geoip-override
Dominica system.geoip-override
"Dominican Republic" system.geoip-override
Algeria system.geoip-override
Ecuador system.geoip-override
Estonia system.geoip-override
Egypt system.geoip-override
"Western Sahara" system.geoip-override
Eritrea system.geoip-override
Spain system.geoip-override
Ethiopia system.geoip-override
Europe system.geoip-override
Finland system.geoip-override
Fiji system.geoip-override
"Falkland Islands (Malvinas)" system.geoip-override
"Micronesia, Federated States of" system.geoip-override
"Faroe Islands" system.geoip-override
France system.geoip-override
Gabon system.geoip-override
"United Kingdom" system.geoip-override
Grenada system.geoip-override
Georgia system.geoip-override
"French Guiana" system.geoip-override
Guernsey system.geoip-override
Ghana system.geoip-override
Gibraltar system.geoip-override
Greenland system.geoip-override
Gambia system.geoip-override
Guinea system.geoip-override
Guadeloupe system.geoip-override
"Equatorial Guinea" system.geoip-override
Greece system.geoip-override
"South Georgia and the South Sandwich Islands" system.geoip-override
Guatemala system.geoip-override
Guam system.geoip-override
Guinea-Bissau system.geoip-override
Guyana system.geoip-override
"Hong Kong" system.geoip-override
"Heard Island and McDonald Islands" system.geoip-override
Honduras system.geoip-override
Croatia system.geoip-override
Haiti system.geoip-override
Hungary system.geoip-override
Indonesia system.geoip-override
Ireland system.geoip-override
Israel system.geoip-override
"Isle of Man" system.geoip-override
India system.geoip-override
"British Indian Ocean Territory" system.geoip-override
Iraq system.geoip-override
"Iran, Islamic Republic of" system.geoip-override
Iceland system.geoip-override
Italy system.geoip-override
Jersey system.geoip-override
Jamaica system.geoip-override
Jordan system.geoip-override
Japan system.geoip-override
Kenya system.geoip-override
Kyrgyzstan system.geoip-override
Cambodia system.geoip-override
Kiribati system.geoip-override
Comoros system.geoip-override
"Saint Kitts and Nevis" system.geoip-override
"Korea, Democratic People\'s Republic of" system.geoip-override
"Korea, Republic of" system.geoip-override
Kuwait system.geoip-override
"Cayman Islands" system.geoip-override
Kazakhstan system.geoip-override
"Lao People\'s Democratic Republic" system.geoip-override
Lebanon system.geoip-override
"Saint Lucia" system.geoip-override
Liechtenstein system.geoip-override
"Sri Lanka" system.geoip-override
Liberia system.geoip-override
Lesotho system.geoip-override
Lithuania system.geoip-override
Luxembourg system.geoip-override
Latvia system.geoip-override
"Libyan Arab Jamahiriya" system.geoip-override
Morocco system.geoip-override
Monaco system.geoip-override
"Moldova, Republic of" system.geoip-override
Montenegro system.geoip-override
"Saint Martin" system.geoip-override
Madagascar system.geoip-override
"Marshall Islands" system.geoip-override
Macedonia system.geoip-override
Mali system.geoip-override
Myanmar system.geoip-override
Mongolia system.geoip-override
Macao system.geoip-override
"Northern Mariana Islands" system.geoip-override
Martinique system.geoip-override
Mauritania system.geoip-override
Montserrat system.geoip-override
Malta system.geoip-override
Mauritius system.geoip-override
Maldives system.geoip-override
Malawi system.geoip-override
Mexico system.geoip-override
Malaysia system.geoip-override
Mozambique system.geoip-override
Namibia system.geoip-override
"New Caledonia" system.geoip-override
Niger system.geoip-override
"Norfolk Island" system.geoip-override
Nigeria system.geoip-override
Nicaragua system.geoip-override
Netherlands system.geoip-override
Norway system.geoip-override
Nepal system.geoip-override
Nauru system.geoip-override
Niue system.geoip-override
"New Zealand" system.geoip-override
Oman system.geoip-override
Panama system.geoip-override
Peru system.geoip-override
"French Polynesia" system.geoip-override
"Papua New Guinea" system.geoip-override
Philippines system.geoip-override
Pakistan system.geoip-override
Poland system.geoip-override
"Saint Pierre and Miquelon" system.geoip-override
Pitcairn system.geoip-override
"Puerto Rico" system.geoip-override
"Palestinian Territory" system.geoip-override
Portugal system.geoip-override
Palau system.geoip-override
Paraguay system.geoip-override
Qatar system.geoip-override
Reunion system.geoip-override
Romania system.geoip-override
Serbia system.geoip-override
"Russian Federation" system.geoip-override
Rwanda system.geoip-override
"Saudi Arabia" system.geoip-override
"Solomon Islands" system.geoip-override
Seychelles system.geoip-override
Sudan system.geoip-override
Sweden system.geoip-override
Singapore system.geoip-override
"Saint Helena" system.geoip-override
Slovenia system.geoip-override
"Svalbard and Jan Mayen" system.geoip-override
Slovakia system.geoip-override
"Sierra Leone" system.geoip-override
"San Marino" system.geoip-override
Senegal system.geoip-override
Somalia system.geoip-override
Suriname system.geoip-override
"South Sudan" system.geoip-override
"Sao Tome and Principe" system.geoip-override
"El Salvador" system.geoip-override
"Sint Maarten" system.geoip-override
"Syrian Arab Republic" system.geoip-override
Swaziland system.geoip-override
"Turks and Caicos Islands" system.geoip-override
Chad system.geoip-override
"French Southern Territories" system.geoip-override
Togo system.geoip-override
Thailand system.geoip-override
Tajikistan system.geoip-override
Tokelau system.geoip-override
Timor-Leste system.geoip-override
Turkmenistan system.geoip-override
Tunisia system.geoip-override
Tonga system.geoip-override
Turkey system.geoip-override
"Trinidad and Tobago" system.geoip-override
Tuvalu system.geoip-override
Taiwan system.geoip-override
"Tanzania, United Republic of" system.geoip-override
Ukraine system.geoip-override
Uganda system.geoip-override
"United States Minor Outlying Islands" system.geoip-override
"United States" system.geoip-override
Uruguay system.geoip-override
Uzbekistan system.geoip-override
"Holy See (Vatican City State)" system.geoip-override
"Saint Vincent and the Grenadines" system.geoip-override
Venezuela system.geoip-override
"Virgin Islands, British" system.geoip-override
"Virgin Islands, U.S." system.geoip-override
Vietnam system.geoip-override
Vanuatu system.geoip-override
"Wallis and Futuna" system.geoip-override
Samoa system.geoip-override
Yemen system.geoip-override
Mayotte system.geoip-override
"South Africa" system.geoip-override
Zambia system.geoip-override
Zimbabwe system.geoip-override
FortiADC-VM (1) # set country "Micronesia, Federated States of"
FortiADC-VM (1) # get
country : "Micronesia, Federated States of"
FortiADC-VM (1) # end
FortiADC-VM (demo) # get
log : enable
action : deny
severity : high
status : enable
== [ 1 ]
FortiADC-VM (demo) # end