Quick-Tip – Geography-Based Internet Services Databases

Sometimes you want to use the awesome feature of Internet Services Database from Fortinet.  The Internet Services Database is an automatically updated collection of IP addresses and subnets used by popular services such as Office 365 or 8x8 .  However one of the things that came up after introducing the feature, was geographical limitations.  You may only want data-centers in the US as an example.

In this article I will cover how to create a custom ISDB entry based on Country, Region and/or City.

To get started, lets log into the FortiGate and go to Policy & Objects then Internet Services Database .

When you look at an entry in the ISDB, you can see the Geographic Based is greyed out.  You need to create a custom entry.  To do this, go back to the Internet Services Database screen and now Create New

Once you create the Geographic Based Internet Services object, you will need to give it a name.  I recommend using a similar name for sanity purposes.

You will be able to choose a Primary Internet Services which is essentially what you are going to clone.  Then you can choose Country , Region and City

In my example, I am using the 8x8 as the “cloned” Internet Services.  I am also going to limit it to only United States sites.  From a Region perspective we are going to use 65535 which means any region.  When choosing 65535 your City becomes any.

When you debug the GUI from the CLI, we can see what 65535 does.

LAB-601E # di de cli 7
Debug messages will be on for 24 minutes.

LAB-601E # dia deb en

0: config firewall internet-service-name
0: edit "8x8-US_Only"
0: unset region-id
0: end

Here we can see how the region-id get unset meaning that it will match ALL regions in the US.

If you wanted to, you could specify Region and City to limit it further.

Here we can see limited by United States only

While this one show the unfiltered entries.

Hope this helps.