Whitelisting IP Address Blocked by IP Reputation in FortiWeb

Preface

This documentation outlines the process for whitelisting IP addresses that have been incorrectly blocked due to false negatives by our IP reputation system. While the IP reputation feature is critical for maintaining security and mitigating threats, there are instances where legitimate traffic may be mistakenly flagged and blocked. To minimize disruption to business operations and maintain service availability, this guide provides step-by-step instructions on how to identify, verify, and whitelist such IP addresses. Following these procedures ensures a balance between security and accessibility in our network infrastructure.

Prerequisite

  • Access to the FortiWeb.

Procedure

  1. Check the source IP address. You can check from the error page that the end user receive when trying to open the web behind FortiWeb, or check the logs in Log & Report -> Log Access -> Attack and search for blocked entry that falls under IP Reputation category;
  2. Open IP Protection IP Reputation menu;
  3. Open IP Reputation Exceptions list;
  4. Select + Create New button;
  5. In the new window, for IP Address enter the blocked IP Address;
  6. Enable Status;
  7. Press OK.

Conclusion

By following the outlined steps to whitelist false negative IP addresses, we can effectively restore legitimate traffic without compromising the integrity of our IP reputation system. It’s essential to regularly review and monitor these exceptions to ensure they remain valid and do not introduce security risks. This process ensures that business operations continue smoothly while maintaining a strong security posture.

Reference