Fortinet black logo

Administration Guide

IPv6 geography-based addresses

IPv6 geography-based addresses

Geography-based IPv6 addresses can be created and applied to IPv6 firewall policies.

Note

IPv6 geography-based addresses do not support geoip-override or geoip-anycast.

To create an IPv6 geography-based address in the GUI:
  1. Go to Policy and Objects > Addresses.
  2. Click Create New > Address.
  3. Set Category to IPv6 Address.
  4. Enter a name for the address.
  5. Set Type to IPv6 Geography.
  6. Select the Country/Region from the list.
  7. Optionally, enter comments.

  8. Click OK.
To use the IPv6 geography address in a policy:
  1. Go to Policy & Objects > Firewall Policy.
  2. Edit an existing policy, or create a new one, using the IPv6 geography address as the Source or Destination Address.

  3. In the policy list, hover over the address to view details.

To configure an IPv6 geography-based address in the CLI:
  1. Create an IPv6 geography-based address:
    config firewall address6
        edit "test-ipv6-geoip"
            set type geography
            set color 6
            set comment "IPv6 Geography address"
            set country "CA"
        next
    end
  2. Use the IPv6 geography-based address in a policy:
    config firewall policy
        edit 1
            set name "test-policy6-1"
            set srcintf "port6"
            set dstintf "port5"
            set srcaddr6 "all"
            set dstaddr6 "test-ipv6-geoip"
            set action accept
            set schedule "always"
            set service "ALL"
            set nat enable
        next
    end

IPv6 geography-based addresses

Geography-based IPv6 addresses can be created and applied to IPv6 firewall policies.

Note

IPv6 geography-based addresses do not support geoip-override or geoip-anycast.

To create an IPv6 geography-based address in the GUI:
  1. Go to Policy and Objects > Addresses.
  2. Click Create New > Address.
  3. Set Category to IPv6 Address.
  4. Enter a name for the address.
  5. Set Type to IPv6 Geography.
  6. Select the Country/Region from the list.
  7. Optionally, enter comments.

  8. Click OK.
To use the IPv6 geography address in a policy:
  1. Go to Policy & Objects > Firewall Policy.
  2. Edit an existing policy, or create a new one, using the IPv6 geography address as the Source or Destination Address.

  3. In the policy list, hover over the address to view details.

To configure an IPv6 geography-based address in the CLI:
  1. Create an IPv6 geography-based address:
    config firewall address6
        edit "test-ipv6-geoip"
            set type geography
            set color 6
            set comment "IPv6 Geography address"
            set country "CA"
        next
    end
  2. Use the IPv6 geography-based address in a policy:
    config firewall policy
        edit 1
            set name "test-policy6-1"
            set srcintf "port6"
            set dstintf "port5"
            set srcaddr6 "all"
            set dstaddr6 "test-ipv6-geoip"
            set action accept
            set schedule "always"
            set service "ALL"
            set nat enable
        next
    end