Description
This article describes how to configure Internet Service Database objects with geographic information and use them in a firewall policy.
Geographic-based Internet Service Database (ISDB) objects allow users to define a country, region, and city.
These objects can be used in firewall policies for more granular control over the location of the parent ISDB object.
ISDB objects are now referenced in policies by name instead of ID.
Solution
To apply a location-based ISDB object to a policy from the GUI:
1) Create the ISDB object.
- Go to Policy & Objects -> Internet Service Database and select 'Create New'.
- For Type, select 'Geographic Based' and configure the other settings as needed.
- Select 'OK'.
# config firewall internet-service-name
edit "test-locaction-isdb-1"
set type location
set internet-service-id 65536
set country-id 840
set region-id 283
set city-id 23352
next
end
2) View the IP ranges in the location-based internet service.
# diagnose internet-service id 65536 | grep "country(840) region(283) city(23352)"
96.45.33.73-96.45.33.73 country(840) region(283) city(23352) blacklist(0x0) reputation(4), domain(5) popularity(0) botnet(0) proto(6) port(1-65535)
96.45.33.73-96.45.33.73 country(840) region(283) city(23352) blacklist(0x0) reputation(4), domain(5) popularity(0) botnet(0) proto(17) port(1-65535)
198.94.221.56-198.94.221.56 country(840) region(283) city(23352) blacklist(0x0) reputation (4), domain(5) popularity(4) botnet(0) proto(6) port(1-65535)
198.94.221.56-198.94.221.56 country(840) region(283) city(23352) blacklist(0x0) reputation (4), domain(5) popularity(4) botnet(0) proto(17) port(1-65535)
3) Add the ISDB object to a policy.
# config firewall policy
edit 99
set name "Demo_Policy"
set srcintf "wan2"
set dstintf "wan1"
set srcaddr "all"
set internet-service enable
set internet-service-name "test-locaction-isdb-1"
set action accept
set schedule "always"
set logtraffic all
set logtraffic-start enable
set auto-asic-offload disable
set nat enable
next
end
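Before the object is attached to an accept policy, the saved output of step 2 can be checked mechanically to see which IP ranges, protocols and ports it matches. The following Python script is an added example, not part of the original article or any Fortinet tooling; it assumes the output format shown in step 2, and parse_entries and audit are hypothetical helper names.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the four entries from step 2 of the article.
SAMPLE = """\
96.45.33.73-96.45.33.73 country(840) region(283) city(23352) blacklist(0x0) reputation(4), domain(5) popularity(0) botnet(0) proto(6) port(1-65535)
96.45.33.73-96.45.33.73 country(840) region(283) city(23352) blacklist(0x0) reputation(4), domain(5) popularity(0) botnet(0) proto(17) port(1-65535)
198.94.221.56-198.94.221.56 country(840) region(283) city(23352) blacklist(0x0) reputation (4), domain(5) popularity(4) botnet(0) proto(6) port(1-65535)
198.94.221.56-198.94.221.56 country(840) region(283) city(23352) blacklist(0x0) reputation (4), domain(5) popularity(4) botnet(0) proto(17) port(1-65535)
"""

# Tolerates "reputation(4)" and "reputation (4)"; only the fields used are captured.
ENTRY = re.compile(
    r"^(?P<start>[^-\s]+)-(?P<end>\S+)\s+country\((?P<country>\d+)\)\s+"
    r"region\((?P<region>\d+)\)\s+city\((?P<city>\d+)\)"
    r".*?proto\((?P<proto>\d+)\)\s+port\((?P<lo>\d+)-(?P<hi>\d+)\)")

def parse_entries(text):
    """Return one dict per recognised line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append({
                "range": (str(ipaddress.ip_address(m["start"])),
                          str(ipaddress.ip_address(m["end"]))),
                "location": (int(m["country"]), int(m["region"]), int(m["city"])),
                "service": (int(m["proto"]), int(m["lo"]), int(m["hi"])),
            })
    return entries

def audit(text, expected_location):
    """Group matched services per IP range; collect entries from other locations."""
    exposure, mismatches = defaultdict(set), []
    for e in parse_entries(text):
        if e["location"] == expected_location:
            exposure[e["range"]].add(e["service"])
        else:
            mismatches.append(e)
    return dict(exposure), mismatches

if __name__ == "__main__":
    exposure, mismatches = audit(SAMPLE, (840, 283, 23352))
    for (start, end), services in sorted(exposure.items()):
        for proto, lo, hi in sorted(services):
            print(f"{start}-{end} proto {proto} ports {lo}-{hi}")
    print(f"{len(mismatches)} entries outside the expected location")
```

Run against the unfiltered diagnose output, the mismatch list shows the entries of the parent ISDB object that the country, region and city settings exclude.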
Copyright 2024 Fortinet, Inc. All Rights Reserved.