How to allow IP/Device through Intrusion ...

FortiGate

FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.

Article Id 381343

Description

This article describes how to allow a device such as a Vulnerability Scanner for Intrusion Prevention while simultaneously logging the signatures generated from the machine.

Scope

FortiGate.

Solution

In some scenarios, Administrators want to allow specific devices/scanners while enabling Intrusion Prevention logging for monitoring and analysis purposes. To achieve this, the following setup is required: Custom IPS Profile Creation with the action set to monitor for all signatures - FortiGate administra....

Firewall Policies Required:

Policy 1 - An allowed device set as the source with a custom Intrusion Prevention profile so all Intrusion Prevention Signatures are allowed but logged (Action = monitor, as explained in Technical Tip: IPS profile actions and corresponding actions in lo...).
Policy 2 - All other sources with the original Intrusion Prevention profile are to be applied per the organization's requirements.

Policy Setup.PNG

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Technical Tip: How to allow IP/Device through Intrusion Prevention while logging associated Signatures

You are leaving our website