Hello,
we need to do Nessus scans from the Tenable Nessus cloud scanners through our FortiGate firewalls to a list of externally available servers and services to ensure that they are patched/updated for several compliance regimes.
When a scan occurs we get the attached messages in the FortiGate logs.
how do we allow the tenable cloud scanner ip ranges to be allowed to get past the intrusion detection system and through the FortiGate firewall?
Thanks,
Paul
Hi Paul,
You can bypass nessus scanning by adding an exempt-IP.
Cli:
config IPS sensor
ed default
config entries
ed 0
set rule xxx e.g. 29844 for eicar
config exempt-ip
you can set either src-ip or dest-ip here.
end
thanks
Thanks,
do I need to add exempt-ip entries for every rule or just once and that would cover all the rules?
Thanks,
Paul
One entry per IPS sensor, if you use the same IPS sensor for all rules then only one change needed
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1735 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.