Geography objects – Deny by location

January 11, 2025 Faeem FORTINET, FORTIVM, NETWORK & SECURITY 1

Over the past six months, there has been a noticeable increase in a Port and IP scanning attempts from various geographic locations. By restricting the firewalls to specific IP addresses and setting up alerts, we were able to identify this trend. Interestingly, we have also observed attempts using random usernames rather than common ones like admin or generic username. The next step is to create a local-in-policy to block access-based Geographic locations. Please refer to link for instructions on creating a local-in-policy.

Now you will have a “deny by location” group. Adding the objects one by one can become cumbersome as there are too many. Also depending on how many attempts you have. After some research, I found someone had taken the time to create selective objects which made it easier. Thank you for this.

To add the objects, log onto the firewall and then open a CLI session.

Run the following command:

config firewall address

edit _geo-Reserved
set type geography
set country ZZ
next

edit _geo-Anonymous-Proxy
set type geography
set country A1
next

edit _geo-Satellite-Provider
set type geography
set country A2
next

edit _geo-Other-Country
set type geography
set country O1
next

edit _geo-Andorra
set type geography
set country AD
next

edit _geo-United-Arab-Emirates
set type geography
set country AE
next

edit _geo-Afghanistan
set type geography
set country AF
next

edit _geo-Antigua-and-Barbuda
set type geography
set country AG
next

edit _geo-Anguilla
set type geography
set country AI
next

edit _geo-Albania
set type geography
set country AL
next

edit _geo-Armenia
set type geography
set country AM
next

edit _geo-Netherlands-Antilles
set type geography
set country AN
next

edit _geo-Angola
set type geography
set country AO
next

edit _geo-Asia/Pacific-Region
set type geography
set country AP
next

edit _geo-Antarctica
set type geography
set country AQ
next

edit _geo-Argentina
set type geography
set country AR
next

edit _geo-American-Samoa
set type geography
set country AS
next

edit _geo-Austria
set type geography
set country AT
next

edit _geo-Australia
set type geography
set country AU
next

edit _geo-Aruba
set type geography
set country AW
next

edit _geo-Aland-Islands
set type geography
set country AX
next

edit _geo-Azerbaijan
set type geography
set country AZ
next

edit _geo-Bosnia-and-Herzegovina
set type geography
set country BA
next

edit _geo-Barbados
set type geography
set country BB
next

edit _geo-Bangladesh
set type geography
set country BD
next

edit _geo-Belgium
set type geography
set country BE
next

edit _geo-Burkina-Faso
set type geography
set country BF
next

edit _geo-Bulgaria
set type geography
set country BG
next

edit _geo-Bahrain
set type geography
set country BH
next

edit _geo-Burundi
set type geography
set country BI
next

edit _geo-Benin
set type geography
set country BJ
next

edit _geo-Saint-Bartelemey
set type geography
set country BL
next

edit _geo-Bermuda
set type geography
set country BM
next

edit _geo-Brunei-Darussalam
set type geography
set country BN
next

edit _geo-Bolivia
set type geography
set country BO
next

edit _geo-Bonaire,-Saint-Eustatius-and-Saba
set type geography
set country BQ
next

edit _geo-Brazil
set type geography
set country BR
next

edit _geo-Bahamas
set type geography
set country BS
next

edit _geo-Bhutan
set type geography
set country BT
next

edit _geo-Bouvet-Island
set type geography
set country BV
next

edit _geo-Botswana
set type geography
set country BW
next

edit _geo-Belarus
set type geography
set country BY
next

edit _geo-Belize
set type geography
set country BZ
next

edit _geo-Canada
set type geography
set country CA
next

edit _geo-Cocos-(Keeling)-Islands
set type geography
set country CC
next

edit _geo-Congo,-The-Democratic-Republic-of-the
set type geography
set country CD
next

edit _geo-Central-African-Republic
set type geography
set country CF
next

edit _geo-Congo
set type geography
set country CG
next

edit _geo-Switzerland
set type geography
set country CH
next

edit _geo-Cote-dIvoire
set type geography
set country CI
next

edit _geo-Cook-Islands
set type geography
set country CK
next

edit _geo-Chile
set type geography
set country CL
next

edit _geo-Cameroon
set type geography
set country CM
next

edit _geo-China
set type geography
set country CN
next

edit _geo-Colombia
set type geography
set country CO
next

edit _geo-Costa-Rica
set type geography
set country CR
next

edit _geo-Cuba
set type geography
set country CU
next

edit _geo-Cape-Verde
set type geography
set country CV
next

edit _geo-Curacao
set type geography
set country CW
next

edit _geo-Christmas-Island
set type geography
set country CX
next

edit _geo-Cyprus
set type geography
set country CY
next

edit _geo-Czech-Republic
set type geography
set country CZ
next

edit _geo-Germany
set type geography
set country DE
next

edit _geo-Djibouti
set type geography
set country DJ
next

edit _geo-Denmark
set type geography
set country DK
next

edit _geo-Dominica
set type geography
set country DM
next

edit _geo-Dominican-Republic
set type geography
set country DO
next

edit _geo-Algeria
set type geography
set country DZ
next

edit _geo-Ecuador
set type geography
set country EC
next

edit _geo-Estonia
set type geography
set country EE
next

edit _geo-Egypt
set type geography
set country EG
next

edit _geo-Western-Sahara
set type geography
set country EH
next

edit _geo-Eritrea
set type geography
set country ER
next

edit _geo-Spain
set type geography
set country ES
next

edit _geo-Ethiopia
set type geography
set country ET
next

edit _geo-Europe
set type geography
set country EU
next

edit _geo-Finland
set type geography
set country FI
next

edit _geo-Fiji
set type geography
set country FJ
next

edit _geo-Falkland-Islands-(Malvinas)
set type geography
set country FK
next

edit _geo-Micronesia,-Federated-States-of
set type geography
set country FM
next

edit _geo-Faroe-Islands
set type geography
set country FO
next

edit _geo-France
set type geography
set country FR
next

edit _geo-Gabon
set type geography
set country GA
next

edit _geo-United-Kingdom
set type geography
set country GB
next

edit _geo-Grenada
set type geography
set country GD
next

edit _geo-Georgia
set type geography
set country GE
next

edit _geo-French-Guiana
set type geography
set country GF
next

edit _geo-Guernsey
set type geography
set country GG
next

edit _geo-Ghana
set type geography
set country GH
next

edit _geo-Gibraltar
set type geography
set country GI
next

edit _geo-Greenland
set type geography
set country GL
next

edit _geo-Gambia
set type geography
set country GM
next

edit _geo-Guinea
set type geography
set country GN
next

edit _geo-Guadeloupe
set type geography
set country GP
next

edit _geo-Equatorial-Guinea
set type geography
set country GQ
next

edit _geo-Greece
set type geography
set country GR
next

edit _geo-South-Georgia-and-the-South-Sandwich-Islands
set type geography
set country GS
next

edit _geo-Guatemala
set type geography
set country GT
next

edit _geo-Guam
set type geography
set country GU
next

edit _geo-Guinea-Bissau
set type geography
set country GW
next

edit _geo-Guyana
set type geography
set country GY
next

edit _geo-Hong-Kong
set type geography
set country HK
next

edit _geo-Heard-Island-and-McDonald-Islands
set type geography
set country HM
next

edit _geo-Honduras
set type geography
set country HN
next

edit _geo-Croatia
set type geography
set country HR
next

edit _geo-Haiti
set type geography
set country HT
next

edit _geo-Hungary
set type geography
set country HU
next

edit _geo-Indonesia
set type geography
set country ID
next

edit _geo-Ireland
set type geography
set country IE
next

edit _geo-Israel
set type geography
set country IL
next

edit _geo-Isle-of-Man
set type geography
set country IM
next

edit _geo-India
set type geography
set country IN
next

edit _geo-British-Indian-Ocean-Territory
set type geography
set country IO
next

edit _geo-Iraq
set type geography
set country IQ
next

edit _geo-Iran,-Islamic-Republic-of
set type geography
set country IR
next

edit _geo-Iceland
set type geography
set country IS
next

edit _geo-Italy
set type geography
set country IT
next

edit _geo-Jersey
set type geography
set country JE
next

edit _geo-Jamaica
set type geography
set country JM
next

edit _geo-Jordan
set type geography
set country JO
next

edit _geo-Japan
set type geography
set country JP
next

edit _geo-Kenya
set type geography
set country KE
next

edit _geo-Kyrgyzstan
set type geography
set country KG
next

edit _geo-Cambodia
set type geography
set country KH
next

edit _geo-Kiribati
set type geography
set country KI
next

edit _geo-Comoros
set type geography
set country KM
next

edit _geo-Saint-Kitts-and-Nevis
set type geography
set country KN
next

edit _geo-Korea,-Democratic-People’s-Republic-of
set type geography
set country KP
next

edit _geo-Korea,-Republic-of
set type geography
set country KR
next

edit _geo-Kuwait
set type geography
set country KW
next

edit _geo-Cayman-Islands
set type geography
set country KY
next

edit _geo-Kazakhstan
set type geography
set country KZ
next

edit _geo-Lao-People’s-Democratic-Republic
set type geography
set country LA
next

edit _geo-Lebanon
set type geography
set country LB
next

edit _geo-Saint-Lucia
set type geography
set country LC
next

edit _geo-Liechtenstein
set type geography
set country LI
next

edit _geo-Sri-Lanka
set type geography
set country LK
next

edit _geo-Liberia
set type geography
set country LR
next

edit _geo-Lesotho
set type geography
set country LS
next

edit _geo-Lithuania
set type geography
set country LT
next

edit _geo-Luxembourg
set type geography
set country LU
next

edit _geo-Latvia
set type geography
set country LV
next

edit _geo-Libyan-Arab-Jamahiriya
set type geography
set country LY
next

edit _geo-Morocco
set type geography
set country MA
next

edit _geo-Monaco
set type geography
set country MC
next

edit _geo-Moldova,-Republic-of
set type geography
set country MD
next

edit _geo-Montenegro
set type geography
set country ME
next

edit _geo-Saint-Martin
set type geography
set country MF
next

edit _geo-Madagascar
set type geography
set country MG
next

edit _geo-Marshall-Islands
set type geography
set country MH
next

edit _geo-Macedonia
set type geography
set country MK
next

edit _geo-Mali
set type geography
set country ML
next

edit _geo-Myanmar
set type geography
set country MM
next

edit _geo-Mongolia
set type geography
set country MN
next

edit _geo-Macao
set type geography
set country MO
next

edit _geo-Northern-Mariana-Islands
set type geography
set country MP
next

edit _geo-Martinique
set type geography
set country MQ
next

edit _geo-Mauritania
set type geography
set country MR
next

edit _geo-Montserrat
set type geography
set country MS
next

edit _geo-Malta
set type geography
set country MT
next

edit _geo-Mauritius
set type geography
set country MU
next

edit _geo-Maldives
set type geography
set country MV
next

edit _geo-Malawi
set type geography
set country MW
next

edit _geo-Mexico
set type geography
set country MX
next

edit _geo-Malaysia
set type geography
set country MY
next

edit _geo-Mozambique
set type geography
set country MZ
next

edit _geo-Namibia
set type geography
set country NA
next

edit _geo-New-Caledonia
set type geography
set country NC
next

edit _geo-Niger
set type geography
set country NE
next

edit _geo-Norfolk-Island
set type geography
set country NF
next

edit _geo-Nigeria
set type geography
set country NG
next

edit _geo-Nicaragua
set type geography
set country NI
next

edit _geo-Netherlands
set type geography
set country NL
next

edit _geo-Norway
set type geography
set country NO
next

edit _geo-Nepal
set type geography
set country NP
next

edit _geo-Nauru
set type geography
set country NR
next

edit _geo-Niue
set type geography
set country NU
next

edit _geo-New-Zealand
set type geography
set country NZ
next

edit _geo-Oman
set type geography
set country OM
next

edit _geo-Panama
set type geography
set country PA
next

edit _geo-Peru
set type geography
set country PE
next

edit _geo-French-Polynesia
set type geography
set country PF
next

edit _geo-Papua-New-Guinea
set type geography
set country PG
next

edit _geo-Philippines
set type geography
set country PH
next

edit _geo-Pakistan
set type geography
set country PK
next

edit _geo-Poland
set type geography
set country PL
next

edit _geo-Saint-Pierre-and-Miquelon
set type geography
set country PM
next

edit _geo-Pitcairn
set type geography
set country PN
next

edit _geo-Puerto-Rico
set type geography
set country PR
next

edit _geo-Palestinian-Territory
set type geography
set country PS
next

edit _geo-Portugal
set type geography
set country PT
next

edit _geo-Palau
set type geography
set country PW
next

edit _geo-Paraguay
set type geography
set country PY
next

edit _geo-Qatar
set type geography
set country QA
next

edit _geo-Reunion
set type geography
set country RE
next

edit _geo-Romania
set type geography
set country RO
next

edit _geo-Serbia
set type geography
set country RS
next

edit _geo-Russian-Federation
set type geography
set country RU
next

edit _geo-Rwanda
set type geography
set country RW
next

edit _geo-Saudi-Arabia
set type geography
set country SA
next

edit _geo-Solomon-Islands
set type geography
set country SB
next

edit _geo-Seychelles
set type geography
set country SC
next

edit _geo-Sudan
set type geography
set country SD
next

edit _geo-Sweden
set type geography
set country SE
next

edit _geo-Singapore
set type geography
set country SG
next

edit _geo-Saint-Helena
set type geography
set country SH
next

edit _geo-Slovenia
set type geography
set country SI
next

edit _geo-Svalbard-and-Jan-Mayen
set type geography
set country SJ
next

edit _geo-Slovakia
set type geography
set country SK
next

edit _geo-Sierra-Leone
set type geography
set country SL
next

edit _geo-San-Marino
set type geography
set country SM
next

edit _geo-Senegal
set type geography
set country SN
next

edit _geo-Somalia
set type geography
set country SO
next

edit _geo-Suriname
set type geography
set country SR
next

edit _geo-South-Sudan
set type geography
set country SS
next

edit _geo-Sao-Tome-and-Principe
set type geography
set country ST
next

edit _geo-El-Salvador
set type geography
set country SV
next

edit _geo-Sint-Maarten
set type geography
set country SX
next

edit _geo-Syrian-Arab-Republic
set type geography
set country SY
next

edit _geo-Swaziland
set type geography
set country SZ
next

edit _geo-Turks-and-Caicos-Islands
set type geography
set country TC
next

edit _geo-Chad
set type geography
set country TD
next

edit _geo-French-Southern-Territories
set type geography
set country TF
next

edit _geo-Togo
set type geography
set country TG
next

edit _geo-Thailand
set type geography
set country TH
next

edit _geo-Tajikistan
set type geography
set country TJ
next

edit _geo-Tokelau
set type geography
set country TK
next

edit _geo-Timor-Leste
set type geography
set country TL
next

edit _geo-Turkmenistan
set type geography
set country TM
next

edit _geo-Tunisia
set type geography
set country TN
next

edit _geo-Tonga
set type geography
set country TO
next

edit _geo-Turkey
set type geography
set country TR
next

edit _geo-Trinidad-and-Tobago
set type geography
set country TT
next

edit _geo-Tuvalu
set type geography
set country TV
next

edit _geo-Taiwan
set type geography
set country TW
next

edit _geo-Tanzania,-United-Republic-of
set type geography
set country TZ
next

edit _geo-Ukraine
set type geography
set country UA
next

edit _geo-Uganda
set type geography
set country UG
next

edit _geo-United-States-Minor-Outlying-Islands
set type geography
set country UM
next

edit _geo-United-States
set type geography
set country US
next

edit _geo-Uruguay
set type geography
set country UY
next

edit _geo-Uzbekistan
set type geography
set country UZ
next

edit _geo-Holy-See-(Vatican-City-State)
set type geography
set country VA
next

edit _geo-Saint-Vincent-and-the-Grenadines
set type geography
set country VC
next

edit _geo-Venezuela
set type geography
set country VE
next

edit _geo-Virgin-Islands,-British
set type geography
set country VG
next

edit _geo-Virgin-Islands,-U.S.
set type geography
set country VI
next

edit _geo-Vietnam
set type geography
set country VN
next

edit _geo-Vanuatu
set type geography
set country VU
next

edit _geo-Wallis-and-Futuna
set type geography
set country WF
next

edit _geo-Samoa
set type geography
set country WS
next

edit _geo-Yemen
set type geography
set country YE
next

edit _geo-Mayotte
set type geography
set country YT
next

edit _geo-South-Africa
set type geography
set country ZA
next

edit _geo-Zambia
set type geography
set country ZM
next

edit _geo-Zimbabwe
set type geography
set country ZW
next

end

This will add each object. It should look like this. The underscore sets the objects on the top of the list, so it is easy to find.

Thereafter, you can just add it to the “deny by location” group or it can be used for any other policy.

NOTE: In the above command, there is an object for South Africa, which is my location. I would not want to block my own traffic, so be careful when bulk adding the objects to a deny or block rule.

1 Trackback / Pingback

  1. Fortinet Vulnerability: The Importance of Locking Down Access - Expert In the Cloud

Leave a Reply

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.