Hi
We have a vip server facing outside of our company. I created a policy and enabled waf with all high severity enabled. When a user from outside submits a form, FGT waf recognizes it as sql injection extended and won't let the user submit the form and webpage crashes after. What should i do?
Solved! Go to Solution.
Hi @rezafathi,
There is no option to exempt IP address for WAF profile. You can create a new WAF profile and disable that signature.
Regards,
Hello,
You can find the forms below in order to contact specific teams regarding UTM databases:
https://www.fortiguard.com/contactus
However I cannot find WAF related team. Therefore, you may consider to use generic form in order to check whether it is false positive:
https://www.fortiguard.com/faq/general-contact
No i want to exclude a web server from extended sql injection. How can i do that?
Hi @rezafathi,
There is no option to exempt IP address for WAF profile. You can create a new WAF profile and disable that signature.
Regards,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1742 | |
1113 | |
759 | |
447 | |
241 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.