The FortiGuard Geo IP service provides a database that maps IP addresses to countries, satellite providers, and anonymous proxies. The database is updated periodically.
The Geo IP block list is a policy that takes the action you specify when the virtual server receives requests from IP addresses in the blocked country’s IP address space.
For Layer 4 virtual servers, FortiADC blocks access when the first TCP SYN packet arrives. For Layer 7 virtual servers, FortiADC blocks access after the handshake, allowing it to redirect the traffic if you have configured it to do so.
Pass
IPv4 only
Not supported for HTTP Turbo, RADIUS.
Deny
IPv4 only
Not supported for HTTP Turbo, RADIUS.
Redirect
IPv4 only
Not supported for HTTP Turbo, RADIUS, FTP, TCP, TCPS, UDP.
Send 403 Forbidden
IPv4 only
Not supported for HTTP Turbo, RADIUS, FTP, TCP, TCPS, UDP.
Name
Configuration name. Valid characters are A
-Z
, a
-z
, 0
-9
, _
, and -
. No spaces.
After you initially save the configuration, you cannot edit the name.
Default Action
- Pass—Allow the traffic.
- Deny—Drop the traffic.
- Redirect—Send a redirect. You specify the redirect URL on the profile configuration page.
- Send 403 Forbidden—Send the HTTP Response code 403.
Note: Layer 4 and TCPS virtual servers do not support Redirect or Send 403 Forbidden. If you apply an Geo IP configuration that uses these options to a Layer 4 or TCPS virtual server, FortiADC logs the action as Redirect or Send 403 Forbidden, but in fact denies the traffic.
Status
Enable or disable the Geo IP block list configuration.
Member
Log
Enable/disable logging.
Severity
The severity to apply to the event. Severity is useful when you filter and sort logs:
- Low
- Medium
- High
Action
- Pass—Allow the traffic.
- Deny—Drop the traffic.
- Redirect—Send a redirect. You specify the redirect URL on the profile configuration page.
- Send 403 Forbidden—Send the HTTP Response code 403.
Note: Layer 4 and TCPS virtual servers do not support Redirect or Send 403 Forbidden. If you apply an Geo IP configuration that uses these options to a Layer 4 or TCPS virtual server, FortiADC logs the action as Redirect or Send 403 Forbidden, but in fact denies the traffic.
Regions
Select a geolocation object. The list includes countries as well as selections for anonymous proxies and satellite providers.