Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Tutek
Contributor

Created on ‎04-07-2023 02:50 AM

WAF exempt

Hi,

after upgrade from 6.4 to 7.0.11 I have problem that WAF is blocking my public facing servers. On Fortigate I have errors like "Event Type waf-http-constraint". So I'm trying to create an exempt using this guide:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Creating-an-exemption-for-a-FortiGate-Web/...

But my problem is that in LOG-->Web Application Firewall log, when I click on the connection that is blocked then on details pane, I don't have "EVENT ID" to be configured for exemption, I have such information on the details pane:

 

ID	7219242010517962773
Time	2023-04-07 11:46:04
euid	3
epid	101
dsteuid	3
dstepid	1197
logver	700110489
Type	utm
Sub Type	waf
Log ID	1203030257
Log event original timestamp	1680860764162709200
Source Interface Role	wan
Destination Interface Role	dmz
Event Type	waf-http-constraint
Timezone	+0200
dtime	2023-04-07 11:46:03
itime_t	1680860764
Device Name	FGT

 

Labels:
300
0 Kudos
1 REPLY 1
gfleming
Staff
Staff

Created on ‎04-07-2023 08:08 PM

Is it blocking all connections to your web server? Something doesn't seem right in that case. Can you show your WAF profile config and FW policy config?

 

And do you not see the event ID in the GUI as referenced by the tech tip doc you linked?

Cheers,
Graham
275
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.