Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Tutek
Contributor

WAF exempt

Hi,

After upgrading from 6.4 to 7.0.11, I have a problem: WAF is blocking my public-facing servers. On the FortiGate I have errors like "Event Type waf-http-constraint". So I'm trying to create an exemption using this guide:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Creating-an-exemption-for-a-FortiGate-Web/...

But my problem is that in LOG-->Web Application Firewall log, when I click on the connection that is blocked, the details pane doesn't show an "EVENT ID" to configure for the exemption. This is the information I have in the details pane:

ID	7219242010517962773
Time	2023-04-07 11:46:04
euid	3
epid	101
dsteuid	3
dstepid	1197
logver	700110489
Type	utm
Sub Type	waf
Log ID	1203030257
Log event original timestamp	1680860764162709200
Source Interface Role	wan
Destination Interface Role	dmz
Event Type	waf-http-constraint
Timezone	+0200
dtime	2023-04-07 11:46:03
itime_t	1680860764
Device Name	FGT

 

gfleming
Staff

Is it blocking all connections to your web server? Something doesn't seem right in that case. Can you show your WAF profile config and FW policy config?

 

And do you not see the event ID in the GUI as referenced by the tech tip doc you linked?

Cheers,
Graham