Whitelisting IP Address Blocked by IP Reputation in FortiWeb
Preface
This documentation outlines the process for whitelisting IP addresses that have been incorrectly blocked due to false negatives by our IP reputation system. While the IP reputation feature is critical for maintaining security and mitigating threats, there are instances where legitimate traffic may be mistakenly flagged and blocked. To minimize disruption to business operations and maintain service availability, this guide provides step-by-step instructions on how to identify, verify, and whitelist such IP addresses. Following these procedures ensures a balance between security and accessibility in our network infrastructure.
Prerequisite
- Access to the FortiWeb.
Procedure
- Check the source IP address. You can check from the error page that the end user receive when trying to open the web behind FortiWeb, or check the logs in
Log & Report -> Log Access -> Attack
and search for blocked entry that falls under IP Reputation category; - Open IP Protection → IP Reputation menu;
- Open IP Reputation Exceptions list;
- Select
+ Create New
button; - In the new window, for
IP Address
enter the blocked IP Address; - Enable
Status
; - Press
OK
.
Conclusion
By following the outlined steps to whitelist false negative IP addresses, we can effectively restore legitimate traffic without compromising the integrity of our IP reputation system. It’s essential to regularly review and monitor these exceptions to ensure they remain valid and do not introduce security risks. This process ensures that business operations continue smoothly while maintaining a strong security posture.