Description | This article describes an issue where an exempted IP address entered in an Intrusion Prevention security profile is not saved correctly. |
Scope | FortiGate. |
Solution |
When exempting an IP address in an Intrusion Prevention security profile, the specified IP address may fail to save and instead revert to 0.0.0.0/0.
In this example, the following address, 10.10.10.1, is being exempted from an IPS signature.
However, after applying and saving the entry, the exempted IP address was reverted to 0.0.0.0/0.
This happens because the exempted IP was entered without a subnet mask or CIDR prefix. When the exempted IP is entered with a netmask, such as 10.10.10.1/32 or 10.10.10.1 255.255.255.255, the entry saves correctly.
If the exempted IP address is set in the CLI, the netmask must also be specified:
config ips sensor
    edit "default"
        config entries
            edit 2
                set rule 32016
                config exempt-ip
                    edit 1
                        set src-ip 10.10.10.1 255.255.255.255
                    next
                end
            next
        end
    next
end |
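An exemption left at 0.0.0.0/0 matches every address, so it is worth auditing existing sensors for entries that reverted this way. The following Python script is an added example, not Fortinet code: it parses the text of an `ips sensor` configuration and lists exempt-ip entries whose source and destination both cover all addresses. The sample configuration is constructed for illustration, and treating an unset `src-ip` or `dst-ip` as 0.0.0.0/0 is an assumption.

```python
import ipaddress
import shlex
ANY = ipaddress.ip_network("0.0.0.0/0")

def to_network(words):
    # Assumption: an unset src-ip/dst-ip means the default, 0.0.0.0/0.
    return ipaddress.ip_network("/".join(words), strict=False) if words else ANY

def find_open_exemptions(config_text):
    """Return (sensor, entry, exempt-id) for exemptions matching every address."""
    stack, fields, hits = [], {}, []
    for line in config_text.splitlines():
        words = shlex.split(line) or [""]      # blank line becomes a no-op
        cmd, args = words[0], words[1:]
        if cmd in ("config", "edit"):
            stack.append((cmd, " ".join(args)))
            fields = {}                        # settings belong to the new block
        elif cmd == "set" and args:
            fields[args[0]] = args[1:]         # accepts "addr mask" or "addr/len"
        elif cmd in ("next", "end") and stack:
            _, name = stack.pop()
            # Expected nesting: ips sensor > edit > entries > edit > exempt-ip
            if cmd == "next" and len(stack) == 5 and stack[-1] == ("config", "exempt-ip"):
                src, dst = (to_network(fields.get(k)) for k in ("src-ip", "dst-ip"))
                if src == ANY and dst == ANY:
                    hits.append((stack[1][1], stack[3][1], name))
    return hits

# Constructed sample: exemption 1 is correct, 2 reverted, 3 has no address set.
SAMPLE = """
config ips sensor
    edit "default"
        config entries
            edit 2
                set rule 32016
                config exempt-ip
                    edit 1
                        set src-ip 10.10.10.1 255.255.255.255
                    next
                    edit 2
                        set src-ip 0.0.0.0 0.0.0.0
                    next
                    edit 3
                    next
                end
            next
        end
    next
end
"""
print(find_open_exemptions(SAMPLE))
```

Each tuple in the result names the sensor, the entry ID and the exempt-ip ID to review.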