FortiWeb
MB_arr
Staff
Article Id 423937
Description

This article describes, step by step, how to submit a request to FortiGuard to delist specific IP addresses or hosts that have been flagged in all categories listed in the FortiGuard IP Reputation Database (IRDB).
Scope

FortiWeb (All supported firmware versions).

Solution

Problem description:

A legitimate client IP address is triggering the IP Reputation category 'Spam' on one FortiWeb device, resulting in a WAF attack log entry and traffic being blocked. However, the same IP address and traffic pattern are not generating any WAF log or blocking action on another FortiWeb device, where access is being allowed.

 

Example screenshot of the attack log:

 

Picture1.png

 

Solution:

  1. Check and validate the IP reputation status.

In this article, the IP address 10.99.50.50 is used as an example. To verify the reputation of the IP address, look up the host in the FortiGuard Search Portal.

 

Picture2.png

 

In the above screenshot, the IP address is listed on a blocklist under AntiSpam. Under Web Application Security, the IP address is flagged as spam. This helps correlate regional threat patterns or geo-blocking policies.

 

  2. Submit a delisting request:

To delist or release a specific host from the FortiGuard IRDB, a form must be submitted via the FortiGuard AntiSpam Blocklist FAQ page (AntiSpam Blocklist).

 

Example screenshot:

 

Picture3.png

 

Example: Fill out the form with the following details:

  • URL/IP/Email/Hash: Enter the IP address (e.g., 10.99.50.50).
  • Contact Email: Provide a valid email address for correspondence.
  • Contact Name: Include the name.
  • Company: Specify the organization.
  • 'Your Comment': Provide a detailed explanation (e.g., 'The IP 10.99.50.50 is a legitimate client address being incorrectly flagged as Spam on FortiWeb 8.0v, while 7.6.4v allows traffic. Requesting review and delisting if misclassified. Thank you').

 

Once this form is submitted, the FortiGuard team will independently review the request and update the classification of the host accordingly.

 

Conclusion:

If a legitimate IP address or host is incorrectly flagged under Spam or any other category, it can lead to unintended traffic being blocked on FortiWeb devices, especially on newer versions with stricter enforcement. By verifying the IP reputation and submitting a delisting request to FortiGuard, administrators can ensure uninterrupted access for trusted clients.