config load-balance : config load-balance whitelist
 
config load-balance whitelist
Use this command to configure the Geography IP address whitelist.You use the whitelist to permit requests from clients that otherwise might be denied by the Geography IP address block list. For example, you might have a good reason to block requests from the whole address range for a country, except for the addresses for your known customers.
Before you begin:
You must have read-write permission for load balancing settings.
After you have configured a Geography IP address whitelist, you can specify it in the virtual server configuration.
Syntax
config load-balance geoip-whitelist
edit <name>
set description <string>
set status {enable|disable}
config whitelist-member
edit <No.>
set ip-network <ip&netmask>
next
next
end
 
description
A string to describe the purpose of the configuration, to help you and other administrators more easily identify its use. Put phrases in quotes. For example: “Customer ABC”.
status
Enable/disable the list.
config whitelist-member
ip-network
Specify the IP address and CIDR-formatted subnet mask, separated by a forward slash ( / ), such as 192.0.2.0/24. Dotted quad formatted subnet masks are not accepted.
IPv6 addresses are not supported.
Example
FortiADC-VM # config load-balance whitelist
 
FortiADC-VM (whitelist) # edit demo
Add new entry 'demo' for node 2893
 
FortiADC-VM (demo) # get
description : IP-geo-white-list
status : enable
 
FortiADC-VM (demo) # set description "Customer ABC."
 
FortiADC-VM (demo) # config whitelist-member
 
FortiADC-VM (whitelist-member) # edit 1
Add new entry '1' for node 2897
 
FortiADC-VM (1) # get
ip-network : 0.0.0.0/0
 
FortiADC-VM (1) # set ip-network 192.0.2.0/24
 
FortiADC-VM (1) # end
 
FortiADC-VM (demo) # get
description : "Customer ABC."
status : enable
== [ 1 ]
 
FortiADC-VM (demo) # end