Staff

Technical Tip: How to allow IP/Device through Intrusion Prevention while logging associated Signatures

Forum|Forum|1 year ago
March 25, 2025
0 replies
428 views

Description

This article describes how to allow a device such as a Vulnerability Scanner for Intrusion Prevention while simultaneously logging the signatures generated from the machine.

Scope

FortiGate.

Solution

In some scenarios, Administrators want to allow specific devices/scanners while enabling Intrusion Prevention logging for monitoring and analysis purposes. To achieve this, the following setup is required: Custom IPS Profile Creation with the action set to monitor for all signatures - FortiGate administration guide.

Firewall Policies Required:

Policy 1 - An allowed device set as the source with a custom Intrusion Prevention profile so all Intrusion Prevention Signatures are allowed but logged (Action = monitor, as explained in Technical Tip: IPS profile actions and corresponding actions in logs).
Policy 2 - All other sources with the original Intrusion Prevention profile are to be applied per the organization's requirements.

Policy Setup.PNG

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded