So the default behavior of a Fortigate is to allow you to apply an access policy to the VPN tunnel itself, which can easily be a geoblock, but the local-in policy where the remote is actually authenticating against the firewall is much harder to change.
Not saying this is a Fortigate or that the federal government didn't change the low effort configuration, but it's certainly not unusual, Fortinet is a huge presence.
Not saying this is a Fortigate or that the federal government didn't change the low effort configuration, but it's certainly not unusual, Fortinet is a huge presence.