Method 1: Configure using the CLI.
1) Configure a firewall address of type geography.
# config firewall address
edit "restriction_poland"
set type geography
set country "PL" <----- Only allow connections from country Poland.
next
end
2) Configure firewall address group.
# config firewall addrgrp
edit "Geo_restriction_ssl_vpn"
set member "restriction_poland"
next
end
3) Configure the firewall address group as the source-address under the SSL VPN settings.
# config vpn ssl settings
set servercert "Fortinet_Factory"
set tunnel-ip-pools "SSLVPN_TUNNEL_ADDR1"
set tunnel-ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
set port 444
set source-interface "wan1"
set source-address "Geo_restriction_ssl_vpn"
end
Configure using the GUI.
1) Go to Policy & Objects -> Addresses, select 'Create new', set the address Type to 'Geography', and select the country to allow.
![](/uploads/news/2023_06/image_2.png)
If several countries are allowed to use the VPN, create them as a group.
2) Once the country address object has been created, map it in the firewall's SSL-VPN settings to restrict access.
Go to VPN -> SSL-VPN Settings, in 'Restrict Access' select 'Limit access to specific hosts', and add the host that is allowed to access the VPN.
As a result, only IP addresses from the selected region can connect to the SSL-VPN.
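To confirm that the restriction from the steps above is actually in place, the following added example (not part of the original page and not Fortinet code) audits a configuration backup: it resolves the SSL-VPN source-address through its groups and reports which countries are allowed and which members are not geography objects. The sample config is constructed, the `branch_office` object and all function names are hypothetical, and the script assumes the indented text layout of a FortiOS backup file.

```python
import re
import shlex

# Constructed sample backup (not a real device); "branch_office" is hypothetical.
SAMPLE = '''\
config firewall address
    edit "restriction_poland"
        set type geography
        set country "PL"
    next
    edit "branch_office"
        set subnet 198.51.100.0 255.255.255.0
    next
end
config firewall addrgrp
    edit "Geo_restriction_ssl_vpn"
        set member "restriction_poland" "branch_office"
    next
end
config vpn ssl settings
    set source-address "Geo_restriction_ssl_vpn"
end
'''

def section(cfg, header):  # body of the top-level 'config <header>' block, or ''
    m = re.search(rf'^config {re.escape(header)}\n(.*?)^end$', cfg, re.M | re.S)
    return m.group(1) if m else ''

def entries(body):  # map each 'edit "name"' entry to {setting: [values]}
    found = re.findall(r'edit "([^"]+)"\n(.*?)^\s*next$', body, re.M | re.S)
    return {n: {k: shlex.split(v) for k, v in re.findall(r'set (\S+) (.*)', b)} for n, b in found}

def audit_sslvpn_sources(cfg):
    """Return (allowed_countries, findings) for the SSL-VPN source-address."""
    addrs = entries(section(cfg, 'firewall address'))
    groups = entries(section(cfg, 'firewall addrgrp'))
    m = re.search(r'^\s*set source-address (.*)$', section(cfg, 'vpn ssl settings'), re.M)
    if not m:
        return [], ['no source-address set on SSL-VPN: no source restriction']
    countries, findings, todo = [], [], shlex.split(m.group(1))
    while todo:
        name = todo.pop(0)
        if name in groups:  # expand group members
            todo += groups[name].get('member', [])
        elif addrs.get(name, {}).get('type') == ['geography']:
            countries += addrs[name].get('country', [])
        else:  # subnet, FQDN, "all" or undefined object: needs review
            findings.append(f'{name}: not a geography object')
    return countries, findings
```

A non-geography member is not necessarily wrong (a fixed office subnet may be intentional), but each finding is an exception to the country restriction that should be reviewed.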
https://www.linkedin.com/pulse/fortinet-restricting-ssl-vpn-connectivity-from-certain-joe-brunner/