Administration Guide

IPv6 geography-based addresses

Geography-based IPv6 addresses can be created and applied to IPv6 firewall policies.

Note

IPv6 geography-based addresses do not support geoip-override or geoip-anycast.

To create an IPv6 geography-based address in the GUI:
  1. Go to Policy & Objects > Addresses and select IPv6 Address.
  2. Click Create new.
  3. Enter a name for the address.
  4. Set Type to IPv6 Geography.
  5. Select the Country/Region from the list.
  6. Optionally, enter comments.
  7. Click OK.

To use the IPv6 geography address in a policy:
  1. Go to Policy & Objects > Firewall Policy.
  2. Edit an existing policy, or create a new one, using the IPv6 geography address as the Source or Destination Address.
  3. In the policy list, hover over the address to view details.

To configure an IPv6 geography-based address in the CLI:
  1. Create an IPv6 geography-based address:
    config firewall address6
        edit "test-ipv6-geoip"
            set type geography
            set color 6
            set comment "IPv6 Geography address"
            set country "CA"
        next
    end
  2. Use the IPv6 geography-based address in a policy:
    config firewall policy
        edit 1
            set name "test-policy6-1"
            set srcintf "port6"
            set dstintf "port5"
            set srcaddr6 "all"
            set dstaddr6 "test-ipv6-geoip"
            set action accept
            set schedule "always"
            set service "ALL"
            set nat enable
        next
    end
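
An audit sketch for the CLI configuration above, added here as an example (not Fortinet code): it parses a configuration excerpt in the flat config/edit/set/next/end form shown on this page and lists which policies reference geography-type address6 objects, and for which country. The function names, the trimmed sample and policy 2 are constructed for illustration; nested config blocks are not handled.

```python
import shlex

# Constructed sample trimmed from this page's CLI example; policy 2 is hypothetical.
SAMPLE_CONFIG = '''
config firewall address6
    edit "test-ipv6-geoip"
        set type geography
        set country "CA"
    next
end
config firewall policy
    edit 1
        set srcaddr6 "all"
        set dstaddr6 "test-ipv6-geoip"
    next
    edit 2
        set srcaddr6 "all"
        set dstaddr6 "all"
    next
end
'''

def parse_tables(text):
    """Parse flat config/edit/set/next/end blocks into {table: {entry: {key: [values]}}}."""
    tables, table, entry = {}, None, None
    for raw in text.splitlines():
        tok = shlex.split(raw) or [""]          # shlex strips the double quotes
        if tok[0] == "config":
            table, entry = tables.setdefault(" ".join(tok[1:]), {}), None
        elif tok[0] == "edit" and table is not None:
            entry = table.setdefault(tok[1], {})
        elif tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]             # multi-value settings stay a list
        elif tok[0] in ("next", "end"):
            entry = None
    return tables

def geo_policy_refs(text):
    """Return [(policy_id, field, address_name, country)] for geography address6 use."""
    t = parse_tables(text)
    geo = {name: e.get("country", ["<unset>"])[0]
           for name, e in t.get("firewall address6", {}).items()
           if e.get("type") == ["geography"]}
    return [(pid, field, addr, geo[addr])
            for pid, pol in t.get("firewall policy", {}).items()
            for field in ("srcaddr6", "dstaddr6")
            for addr in pol.get(field, []) if addr in geo]

print(geo_policy_refs(SAMPLE_CONFIG))
```

Run against a configuration backup, the output gives a quick inventory of which IPv6 policies depend on country-based matching.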
