Technical Tip: Exempting specific subnet or IP from all IPS signatures or specific IPS signature from GUI

ajoy · ‎09-11-2022

Description

This article describes how to exempt a specific IP address or subnet from all or specific IPS signatures from the GUI.

Scope

 FortiGate.

Solution

To exempt an IP address on a subnet from all IPS signatures or protection.

Example: 192.168.1.1/32 from 192.168.1.0/24 or the entire subnet:

Go to Security Profiles -> Intrusion Prevention.
Select an IPS profile, then 'Edit'.
In the IPS signatures and Filters section, select 'Create New'.
Go to Add Signatures ->Type (Signature) -> Exempt IPs and add all Results.

It is also possible to search for a specific signature to be excluded. Once a signature appears from the search box, 'right-click' on the signature and then 'Add Selected'. In this example, search for TCP.Split.Handshake signature and set action to 'Allow'.

IPS Signature.JPG

IPS Signature 2.JPG

Important note: Exempting the block malicious URL entirely is based on disabling the block malicious URLs button on the IPS Sensor. It could not be done through an exception on IPS Signature and Filters. This is due to the malicious URL database and signature database being two distinct databases.

Technical Tip: Exempting specific subnet or IP from all IPS signatures or specific IPS signature from GUI

You are leaving our website