Fortinet black logo

CLI Reference

waf geo-ip-except

waf geo-ip-except

Use this command to specify IP addresses or ranges of IP addresses that are exceptions to the list of client IP addresses that FortiWeb blocks based on their geographic location.

For details about creating the blacklist by country or region, see waf geo-block-list.

To use this command, your administrator account’s access control profile must have either w or rw permission to the wafgrp area. For details, see Permissions.

Syntax

config waf geo-ip-except

edit "<geo-ip-except_name>"

edit <entry_index>

set ip {"<address_ipv4>" | "<ip_range_ipv4>"}

next

end

next

end

Variable Description Default

"<geo-ip-except_name>"

Enter the name of a new or existing list of exceptions.

To display the list of existing rules, enter:

edit ?

No default.

<entry_index>

Enter the index number of the individual entry in the table. The valid range is 1–9,999,999,999,999,999,999. No default.

ip {"<address_ipv4>" | "<ip_range_ipv4>"}

Enter the IP address or IP address range that is exempt from blocking based on its geographic location. No default.

Example

This example adds the IP address range 192.0.2.0 to 192.0.2.5 to the geo-location blacklist exception list allow-north-america.

config waf geo-ip-except

edit "allow-north-america"

set ip "92.0.2.0-192.0.2.5"

end

next

end

Related topics

waf geo-ip-except

Use this command to specify IP addresses or ranges of IP addresses that are exceptions to the list of client IP addresses that FortiWeb blocks based on their geographic location.

For details about creating the blacklist by country or region, see waf geo-block-list.

To use this command, your administrator account’s access control profile must have either w or rw permission to the wafgrp area. For details, see Permissions.

Syntax

config waf geo-ip-except

edit "<geo-ip-except_name>"

edit <entry_index>

set ip {"<address_ipv4>" | "<ip_range_ipv4>"}

next

end

next

end

Variable Description Default

"<geo-ip-except_name>"

Enter the name of a new or existing list of exceptions.

To display the list of existing rules, enter:

edit ?

No default.

<entry_index>

Enter the index number of the individual entry in the table. The valid range is 1–9,999,999,999,999,999,999. No default.

ip {"<address_ipv4>" | "<ip_range_ipv4>"}

Enter the IP address or IP address range that is exempt from blocking based on its geographic location. No default.

Example

This example adds the IP address range 192.0.2.0 to 192.0.2.5 to the geo-location blacklist exception list allow-north-america.

config waf geo-ip-except

edit "allow-north-america"

set ip "92.0.2.0-192.0.2.5"

end

next

end

Related topics