Technical Tip: Whitelist IP addresses and URLs using firewall policies

1. Go to Policy & Object -> Addresses:
   
   

2. Choose the tab 'Address Group':

3. Create new objects: one for IP addresses and one for URLs:

4. Go to Policy & Object -> Firewall Policy:

5. Create a new policy, and choose the LAN interface as a source, and set the destination to the WAN or SD-WAN interface:

6. Choose the newly added object groups as the Source:

7. Since the traffic will be forwarded to the Internet, enable Network Address Translation (NAT). To 'whitelist' or bypass the traffic the Security Profiles must be deactivated, and 'no-inspection' for 'SSL Inspection:

8. In the logging section, for monitoring purposes, the option to be chosen is "All sessions", since 'Security Events' will only log Security (UTM) events (e.g. AV, IPS, firewall web filter) that are currently disabled.

Once the traffic is confirmed to be matching the policy, the logging can be disabled.

9. Save the new policy.
   
   
10. It is necessary to move the firewall policy to the top to avoid matching all the other firewall policies:

11. Now that the firewall policy is in place, edit the object group to add the IP addresses or URLs:

12. In the section 'Select Entries', choose the option to add a new object, then choose address:

13. For URLs, change the type to 'FQDN' and input the URL desired. Adding a wildcard is supported, but it is recommended to make sure that the DNS settings are properly set in order to populate the DNS resolutions to the FQDN objects properly.

14. For IP addresses, choose the type 'Subnet'. This type supports subnets and specific IP addresses. To add a specific range of IP addresses, use the type 'IP Range'.

15. Observe the new address object, added to the whitelist object group:

16. Save the configuration once all of the object addresses are added, and confirm the configuration by hovering the mouse over the whitelist objects: