I need to run PCI DSS scanning on my web servers.
how do I enable the scanning IP address to be trusted so that they wont be flagged as intrusion ?
i am using firmware version 5.2.2
Review Scanner IP Addresses The service provides multiple scanners for external (perimeter) scanning. Depending on your network, it may be necessary to add the scanner IPs to your list of trusted IPs, so the service can send probes to your in-scope system components.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
If the scans are directed at the Fortigate itself, may be set up a local-in-policy allowing the IP.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
the scanning is targeted at our servers with external public ip addresses.
they are scanning the public ip address.
You can create the address objects representing the IP's they will come from and create a new DoS policy with that as the source, and your VIP's as the destination. Then don't enable any of the DoS sensors. This will basically exclude them from creating alerts. Here is a screen shot showing the setup. Make sure to drag the new DoS policy to the top so it hits first.
Best Regards, Eric Hastings, NSE3 | Systems Engineer (South Texas) Fortinet | Fast. Secure. Global.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1714 | |
1093 | |
752 | |
447 | |
232 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.