Finally GEO location blocking has arrived to Fortigate


It was predictable thing for Fortinet to do as everyone else has already been doing so. I haven’t verified myself but according to the informed source (can only say his name - Hen) they are using Maxmind database . So let’s see how to do it .
First you create in New Address dialog window the Geography type object specifying the country. As you can only pick one country per address use Address Groups to combine few countries together. After creating such Address object you can use it in Firewall Policy just as you would the usual Address. The only reason I can think of why you would use Geo location block is to lower noise/size of logs by silently dropping traffic from unwanted countries.