Whitelisting of the internal vulnerability scanner
Hello everyone, our infrastructure has vulnerability scanners that actively investigate and try to exploit systems; users are alerted and we get a lot of logs from it. Is it possible to add a specific IP address of this scanner to the whitelist so that users do not get an alert? Other alerts that may be true should stay. How can I do that?
Labels: FortiClient
Hi Team,
For the vulnerability scanners you can create a plain firewall policy on top with no UTM profiles, so that UTM profiles will not generate alerts.
If my understanding is wrong, please explain the issue in detail.
Unfortunately, it did not help.
 
Hey Jacek,
seshuganesh's comment was for FortiGate settings; we assumed that your FortiGate is blocking/alerting/logging the vulnerability scanner, not FortiClient.
From the screenshot, it's the FortiClient's application firewall that's blocking the scanner and notifying the user.
I'm not an expert in FortiClient, but as far as I have been able to find, you should be able to add an application override for the 'Gnutella_Download' application to allow it (the application firewall profile would need to be edited on EMS). You would need to generate/get a signature for that application, which I don't know how to do, my apologies.
If the pop-up is the primary issue, you can disable those notifications in the EMS application firewall profile, though the actual functionality (blocking the application) would still happen.
Unfortunately that's impossible. You're right, it's FortiClient, sorry. I need to block alerts from a specific IP address because the scanner uses many different exploitation attempts and there are plenty of these application names. Also, if there was an exploitation attempt blocked by FortiClient but not from my scanner, I'd like to know about it. I need to filter out alerts from a specific IP address, such an exception.
Does anybody have an idea?
Hi Jacek1.
Looking at this error, the action has been done on the FortiClient, not on the FortiGate. On FortiClient, please whitelist this app.
