Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mhrth
New Contributor II

Whitelist Pentester IP Addresses

Hi,

 

My company is currently carrying out external pen testing on our servers and it was found out the nmap scan was blocked by FortiGate UTM. Is it possible to whitelist the IP addresses used by the pen testers? If possible, where should I whitelist those IP addresses?

 

 

Thank you.

3 REPLIES 3
xsilver_FTNT
Staff
Staff

Hi,

log should show you which firewall policy and rules blocked it.

So you can make temporary policy ABOVE that blocking one (R-click -> Insert empty - Above).

And that new one might have their source IPs and accept their connections.

But shouldn't they test also ability to pass through your firewall? This also looks like social-engineering test to highlight how willing you are to bend the rules if someone asks for it?
:D

 

Tom xSilver, planet Earth, over and out!

Yurisk
Valued Contributor

Also make sure that no DDoS policy is in place, as it is checked before regular security policy , 

https://docs.fortinet.com/document/fortigate/6.2.9/cookbook/771644/dos-protection 

 

Yuri
https://yurisk.info/ blog: All things Fortinet, no ads.


All opinions are mine only.
Debbie_FTNT

Good point, DoS policies often recognize a port scan and quarantine the originating IP.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++