Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor III

Whitelist Pentester IP Addresses



My company is currently carrying out external pen testing on our servers and it was found out the nmap scan was blocked by FortiGate UTM. Is it possible to whitelist the IP addresses used by the pen testers? If possible, where should I whitelist those IP addresses?



Thank you.



log should show you which firewall policy and rules blocked it.

So you can make temporary policy ABOVE that blocking one (R-click -> Insert empty - Above).

And that new one might have their source IPs and accept their connections.

But shouldn't they test also ability to pass through your firewall? This also looks like social-engineering test to highlight how willing you are to bend the rules if someone asks for it?


Tomas Stribrny - NASDAQ:FTNT - Fortinet stuff - TAC L3 Escalations engineer

Valued Contributor

Also make sure that no DDoS policy is in place, as it is checked before regular security policy , 


Yuri blog: All things Fortinet, no ads.

All opinions are mine only.

Good point, DoS policies often recognize a port scan and quarantine the originating IP.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++