2) View the IP ranges in the location-based internet service.
- Go to Policy & Objects -> Internet Service Database.
- In the table, hover over the object created in step 1) and select 'View/Edit Entries'. The list of IPs is displayed.
- Select 'Return'.
3) Add the ISDB object to a policy.
- Go to Policy & Objects -> Firewall Policy. Create a new policy or edit an existing policy.
- For Destination, select 'Internet Service' and select the ISDB object created in step 1).
- Configure the other settings as needed.
- Select 'OK'.

To apply a location-based ISDB object to a policy from the CLI.
1) Create the ISDB object.
# config firewall internet-service-name
edit "test-locaction-isdb-1"
set type location
set internet-service-id 65536
set country-id 840
set region-id 283
set city-id 23352
next
end
2) View the IP ranges in the location-based internet service.
# diagnose internet-service id 65536 | grep "country(840) region(283) city(23352)"
96.45.33.73-96.45.33.73 country(840) region(283) city(23352) blacklist(0x0) reputation(4), domain(5) popularity(0) botnet(0) proto(6) port(1-65535)
96.45.33.73-96.45.33.73 country(840) region(283) city(23352) blacklist(0x0) reputation(4), domain(5) popularity(0) botnet(0) proto(17) port(1-65535)
198.94.221.56-198.94.221.56 country(840) region(283) city(23352) blacklist(0x0) reputation (4), domain(5) popularity(4) botnet(0) proto(6) port(1-65535)
198.94.221.56-198.94.221.56 country(840) region(283) city(23352) blacklist(0x0) reputation (4), domain(5) popularity(4) botnet(0) proto(17) port(1-65535)
3) Add the ISDB object to a policy.
# config firewall policy
edit 99
set name "Demo_Policy"
set srcintf "wan2"
set dstintf "wan1"
set srcaddr "all"
set internet-service enable
set internet-service-name "test-locaction-isdb-1"
set action accept
set schedule "always"
set logtraffic all
set logtraffic-start enable
set auto-asic-offload disable
set nat enable
next
end
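
The following Python script is an added example, not part of the original article or of any Fortinet tooling. It parses saved output of the diagnose command from step 2) and confirms that every entry carries the expected country, region and city IDs before the object is referenced by an accept policy. The function names, and the treatment of non-zero blacklist/botnet values as entries to review, are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the four output lines shown in step 2), saved as text.
SAMPLE = """\
96.45.33.73-96.45.33.73 country(840) region(283) city(23352) blacklist(0x0) reputation(4), domain(5) popularity(0) botnet(0) proto(6) port(1-65535)
96.45.33.73-96.45.33.73 country(840) region(283) city(23352) blacklist(0x0) reputation(4), domain(5) popularity(0) botnet(0) proto(17) port(1-65535)
198.94.221.56-198.94.221.56 country(840) region(283) city(23352) blacklist(0x0) reputation (4), domain(5) popularity(4) botnet(0) proto(6) port(1-65535)
198.94.221.56-198.94.221.56 country(840) region(283) city(23352) blacklist(0x0) reputation (4), domain(5) popularity(4) botnet(0) proto(17) port(1-65535)
"""

RANGE_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)\s")
FIELD_RE = re.compile(r"(\w+)\s*\(([^)]*)\)")  # tolerates "reputation (4)"
PROTO_NAMES = {"6": "tcp", "17": "udp"}        # IANA protocol numbers

def parse_line(line):
    """Parse one entry into a dict of its fields, or None if it is not an entry."""
    m = RANGE_RE.match(line)
    if not m:
        return None
    entry = dict(FIELD_RE.findall(line))
    entry["start"], entry["end"] = m.group(1), m.group(2)
    return entry

def audit(text, country, region, city):
    """Return ({(start, end): {"proto/ports", ...}}, [(line_no, finding), ...])."""
    ranges, findings = defaultdict(set), []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        e = parse_line(line.strip())
        if e is None:
            findings.append((n, "unparsed line"))
            continue
        if (e.get("country"), e.get("region"), e.get("city")) != (country, region, city):
            findings.append((n, "location mismatch"))
        # Assumption: a non-zero blacklist or botnet value marks an entry to review.
        if int(e.get("blacklist", "0"), 16) or int(e.get("botnet", "0")):
            findings.append((n, "blacklist/botnet flag set"))
        proto = PROTO_NAMES.get(e.get("proto"), e.get("proto"))
        ranges[(e["start"], e["end"])].add(f"{proto}/{e.get('port')}")
    return dict(ranges), findings

if __name__ == "__main__":
    matched, issues = audit(SAMPLE, "840", "283", "23352")
    for (start, end), services in sorted(matched.items()):
        print(start, end, sorted(services))
    print("findings:", issues)
```
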