I'm hoping someone can point me in the right direction on how to add an IP address to a whitelist.
I have a FortiGate VM64 v6.2.3 build1066 (GA) appliance deployed in Azure. This is my first ever FG deployment, and I have to note two things:
1. The overall configuration and setup is really straightforward and intuitive. I was pleasantly surprised.
2. (and this is where I need some help) I'm getting an error when I access an internal web app using the IP and on an obscure port, with the error that the page has been blocked because it's in violation of my internet access policy. Great, it works, BUT I do need to access this.
The application is accessed by IP, in this case the public IP of the appliance in Azure. I had a look everywhere in the console to see if there is a way to add that external IP to a whitelist so that it is not managed by FortiGuard, but all I am able to add are domains/domain names. In short, I need to whitelist the public IP assigned to the Azure appliance on various ports.
As a work-around to ensure operation, I've configured the web filter in monitoring mode, but this is obviously not ideal.
I've attached a SS of the error for what it's worth.
I also recommend a new policy allowing the address and the port(s) specified, then place it above the current blocking policy like lobstercreed suggested. You might call it "whitelist". Generally, the terms "whitelist/blacklist" are used in the context of webfiltering only, though.
But the error you're seeing is because your webfiltering profile has category filtering enabled, and in the filtering, the "Unrated" category is blocked. You might be using a default profile like "g-default". Those pre-defined ones almost never work if you really want to use the webfiltering feature. I would suggest creating a new one, setting it up as you need, and allowing "Unrated" (like http://(IP_Address)/...) so that it is not blocked.
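The dedicated-policy approach recommended in the reply, sketched as a FortiOS CLI fragment; this is an added example, not configuration posted by anyone in the thread. The object names, the address 203.0.113.10, port 8443, interfaces port1/port2 and policy IDs 10 and 2 are constructed placeholders to be replaced with the real values.

```fortios
# Constructed placeholder: the public IP the web app is reached on.
config firewall address
    edit "webapp-public-ip"
        set subnet 203.0.113.10 255.255.255.255
    next
end

# Constructed placeholder: the non-standard port(s) the app listens on.
config firewall service custom
    edit "webapp-ports"
        set tcp-portrange 8443
    next
end

# Narrow exception: one destination, specific ports, traffic logged.
# No web filter profile is attached, so FortiGuard category rating
# (and the "Unrated" block) is not applied to sessions matching this policy.
config firewall policy
    edit 10
        set name "whitelist-webapp"
        set srcintf "port2"
        set dstintf "port1"
        # Prefer a specific source address object over "all" where possible.
        set srcaddr "all"
        set dstaddr "webapp-public-ip"
        set service "webapp-ports"
        set action accept
        set schedule "always"
        set logtraffic all
        set nat enable
    next
    # Policies are evaluated top-down; place the exception above the
    # existing policy that carries the blocking web filter profile
    # (ID 2 here is a placeholder for that policy).
    move 10 before 2
end
```

Keeping the exception scoped to a single address and service leaves the web filter, including the "Unrated" block, in force for all other traffic, so the monitor-only workaround can be reverted.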