I would like to know how I can create a syslog policy, which only sends
me "system events". The one I have created right now is sending us
everything, traffic events, connections, etc.; In short, many logs and
the collector fills up. Is there any pos...
We have a block in the Fortiweb Log see 7.25 in the attacks section,
which although we put an exception in the signature with Regular
Expression, it does not make it exceptional and causes us a "false
positive"The blocking occurs in a "parameter" tha...
Regards,We need to be able to deny communications in Fortiweb 6.3.21
that the User Id exceedsin its Historical Threat Weight high values,
such as 10,000 points.We do not know how to carry out this denial, since
Client Management Configuration does no...
Good afternoon. I've been having this problem for a while and I can't
find a solution. If you can give me a hand I appreciate it. We have some
applications configured in Pass mode in URL Access Rule, like:
/application/* This means that no alerts are...
In the WAF I have a Syslog policy configured. The FortiWeb documentation
indicates that regarding “Configuring log levels” (loglevels): Syslog
events have different severity levels, such as "info", "warning", and
"error". You can configure FortiWeb t...
Thank you very much for your response Anignan, It is a good answer and
has given us the basis for a future "solution", because clicking on the
context menu in the Attack Log, as you say, will result in an exception
in the signature and will tell us h...
Thank you very much Denzil, it is one of the things we are doing,
controlling the attack with the limits of the Client Management
Configuration, but the blocking limits are at most one day, the boots
reappear after that time.We would like to know, th...
Thank you very much for answering my question. I will try to explain
myself better.We have url access policy with several url access rules.
In with the "Action" Pass and others in "Alert& Deny" and in them we
have Url Access Condition, which allude t...
