Skip to main content
mhrth
mhrth
Explorer II
May 18, 2022
Question

Whitelist Pentester IP Addresses

  • May 18, 2022
  • 2 replies
  • 3304 views

Hi,

 

My company is currently carrying out external pen testing on our servers and it was found out the nmap scan was blocked by FortiGate UTM. Is it possible to whitelist the IP addresses used by the pen testers? If possible, where should I whitelist those IP addresses?

 

 

Thank you.

2 replies

xsilver_FTNT
Staff
xsilver_FTNT
Staff
May 18, 2022

Hi,

log should show you which firewall policy and rules blocked it.

So you can make temporary policy ABOVE that blocking one (R-click -> Insert empty - Above).

And that new one might have their source IPs and accept their connections.

But shouldn't they test also ability to pass through your firewall? This also looks like social-engineering test to highlight how willing you are to bend the rules if someone asks for it?
:D

 

Yurisk
SuperUser
Yurisk
SuperUser
May 18, 2022

Also make sure that no DDoS policy is in place, as it is checked before regular security policy , 

https://docs.fortinet.com/document/fortigate/6.2.9/cookbook/771644/dos-protection 

 

    Debbie_FTNT
    Staff & Editor
    Debbie_FTNT
    Staff & Editor
    May 18, 2022

    Good point, DoS policies often recognize a port scan and quarantine the originating IP.

      Terms & ConditionsAccessibility statement