Hot!Geoblocking to one URL

Author
Seppel
Silver Member
  • Total Posts : 96
  • Scores: 14
  • Reward points: 0
  • Joined: 2004/06/22 14:02:34
  • Location: Switzerland
  • Status: offline
2020/03/23 00:40:24 (permalink)
0

Geoblocking to one URL

Hi
We have several websites on a web server with one IP address. is it possible to use geobloking with fortigate to one website on the server? the other websites should not be affected.
 
Regards.
 
Andy

Fortigate 500E HA
Fortimail 200
Fortimanager
FortiEMS
FortiSandbox 1000D
FortiSwitch Network
Some other Models in use :-)
----------------------------------------------------
FCSE
----------------------------------------------------
#1

4 Replies Related Threads

    Paul W Crane_FTNT
    New Member
    • Total Posts : 2
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/03/23 10:39:15
    • Status: offline
    Re: Geoblocking to one URL 2020/03/23 14:27:12 (permalink)
    0
    Sorry about that, I misunderstood the question.  Dave is correct, you'll have to give that website a unique IP to use Geoblock for inbound connections.
    post edited by Paul W Crane_FTNT - 2020/03/25 09:07:22
    #2
    ede_pfau
    Expert Member
    • Total Posts : 6241
    • Scores: 522
    • Reward points: 0
    • Joined: 2004/03/09 01:20:18
    • Location: Heidelberg, Germany
    • Status: offline
    Re: Geoblocking to one URL 2020/03/24 03:42:33 (permalink)
    0
    No, I don't think the WF is the right tool for what you are planning to do.
     
    Geoblocking only looks at the source IP range, mapped to a country.
    Webfilter only looks at the URL, and cannot be chained to another filter if the action is BLOCK. In general, WF would need to be used as a matching criterium in a policy, but a FGT can only match on addresses, ports, schedule and user.
     
    Wait, a policy could match on an FQDN destination address. If you combine that with an country specific source address group you could create a policy which matches both to block that traffic. You could give that a try.

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #3
    Dave Hall
    Expert Member
    • Total Posts : 1641
    • Scores: 174
    • Reward points: 0
    • Joined: 2012/05/11 07:55:58
    • Location: Canada
    • Status: offline
    Re: Geoblocking to one URL 2020/03/24 07:34:13 (permalink)
    0
    Could be wrong in this assumption, but it kinda looks like Andy is asking to block specified country hosts from accessing a hosted web site on a web server that is behind the fgt. 

    NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
    #4
    Seppel
    Silver Member
    • Total Posts : 96
    • Scores: 14
    • Reward points: 0
    • Joined: 2004/06/22 14:02:34
    • Location: Switzerland
    • Status: offline
    Re: Geoblocking to one URL 2020/03/25 00:08:12 (permalink)
    0
    thanks for your contributions. it is as dave suspects, the webserver is in the dmz, the webserver has several websites on one IP address and i would like to allow outside access to this page only from selected countries.
    I have already done some tests, but none of them have brought the solution. I will probably have to add another ip address on the server
     
    Greets
    Andy

    Fortigate 500E HA
    Fortimail 200
    Fortimanager
    FortiEMS
    FortiSandbox 1000D
    FortiSwitch Network
    Some other Models in use :-)
    ----------------------------------------------------
    FCSE
    ----------------------------------------------------
    #5
    Jump to:
    © 2020 APG vNext Commercial Version 5.5