Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mhrth
New Contributor III

Whitelist Pentester IP Addresses

Hi,

 

My company is currently carrying out external pen testing on our servers and it was found out the nmap scan was blocked by FortiGate UTM. Is it possible to whitelist the IP addresses used by the pen testers? If possible, where should I whitelist those IP addresses?

 

 

Thank you.

3 REPLIES 3
xsilver_FTNT
Staff
Staff

Hi,

log should show you which firewall policy and rules blocked it.

So you can make temporary policy ABOVE that blocking one (R-click -> Insert empty - Above).

And that new one might have their source IPs and accept their connections.

But shouldn't they test also ability to pass through your firewall? This also looks like social-engineering test to highlight how willing you are to bend the rules if someone asks for it?
:D

 

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

Yurisk
Valued Contributor

Also make sure that no DDoS policy is in place, as it is checked before regular security policy , 

https://docs.fortinet.com/document/fortigate/6.2.9/cookbook/771644/dos-protection 

 

Yuri https://yurisk.info/  blog: All things Fortinet, no ads.
Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
Debbie_FTNT

Good point, DoS policies often recognize a port scan and quarantine the originating IP.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
Labels
Top Kudoed Authors