FortiGate
ajoy
Staff
Article Id 223481
Description: This article describes how to exempt a specific IP address or subnet from all or specific IPS signatures from the GUI.
Scope: FortiGate.
Solution

To exempt an IP address or a subnet from all IPS signatures or protection (for example, 192.168.1.1/32 out of 192.168.1.0/24, or the entire subnet):

  1. Go to Security Profiles -> Intrusion Prevention.
  2. Select an IPS profile, then 'Edit'.
  3. In the IPS signatures and Filters section, select 'Create New'.
  4. Go to Add Signatures -> Type (Signature) -> Exempt IPs and add all Results.

 


It is also possible to search for a specific signature to be excluded. Once the signature appears in the search results, right-click it and select 'Add Selected'. In this example, search for the TCP.Split.Handshake signature and set the action to 'Allow'.
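
Each exemption created this way is traffic the IPS no longer inspects or blocks, so it is worth listing them periodically. The following is an added example, not part of the original article or Fortinet's own tooling: a short Python audit of a configuration backup that reports every IPS sensor entry carrying exempt IPs or a pass action. It assumes the backup uses the FortiOS CLI layout `config ips sensor` / `config entries` / `config exempt-ip` and that the GUI action 'Allow' is stored as `set action pass`; the sensor name, entry ids and rule id in the sample are constructed.

```python
import ipaddress

# Constructed sample in the assumed FortiOS backup layout (names and ids are made up).
SAMPLE = """\
config ips sensor
    edit "office-ips"
        config entries
            edit 1
                set rule 99999
                set action pass
            next
            edit 2
                config exempt-ip
                    edit 1
                        set src-ip 192.168.1.1 255.255.255.255
                    next
                    edit 2
                        set dst-ip 192.168.1.0 255.255.255.0
                    next
                end
            next
        end
    next
end
"""

def audit_ips_exemptions(config_text):
    """Return one dict per IPS sensor entry that has exempt IPs or action pass."""
    findings, stack, sensor, entry = [], [], None, None
    for tok in filter(None, map(str.split, config_text.splitlines())):
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))  # track nesting, e.g. "ips sensor"
        elif tok[0] == "end" and stack:
            stack.pop()
        elif tok[0] == "edit" and stack == ["ips sensor"]:
            sensor = " ".join(tok[1:]).strip('"')
        elif tok[0] == "edit" and stack == ["ips sensor", "entries"]:
            entry = {"sensor": sensor, "entry": tok[1], "rule": None,
                     "action": "default", "exempts": []}
        elif tok[0] == "set" and entry and stack[:2] == ["ips sensor", "entries"]:
            if len(stack) == 2 and tok[1] in ("rule", "action"):
                entry[tok[1]] = " ".join(tok[2:])
            elif stack[-1] == "exempt-ip" and tok[1] in ("src-ip", "dst-ip"):
                # Address and netmask are separate tokens; normalise to CIDR.
                net = ipaddress.ip_network(f"{tok[2]}/{tok[3]}", strict=False)
                entry["exempts"].append((tok[1], str(net)))
        elif tok[0] == "next" and entry and stack == ["ips sensor", "entries"]:
            if entry["exempts"] or entry["action"] == "pass":
                findings.append(entry)
            entry = None
    return findings
```

Run `audit_ips_exemptions()` over the text of a configuration backup and review each returned entry against the change request that justified it.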

 


Important note: Exempting traffic from malicious URL blocking entirely is done by disabling the 'Block malicious URLs' option on the IPS sensor. It cannot be done through an exemption under IPS Signatures and Filters, because the malicious URL database and the signature database are two distinct databases.