FortiGate
gpap_FTNT
Staff
Article Id 193701

Description

FortiOS v5.4 introduced a new Web Application Firewall security profile.
This article describes how to disable a particular signature in that profile when traffic to a web server is being blocked by it.


Scope

FortiGate and FortiWiFi units running FortiOS 5.4 and above.


Solution

Although an entire category of signatures can be enabled/disabled from the GUI, a specific signature within that category can only be disabled from the CLI by using its Signature ID, shown in the logs as Event ID.


From the CLI, enter the following commands:

# config waf profile
    edit {Profile Name}
        # config signature
            set disabled-signature {Event ID}
        end
    end
Note:
Keep in mind that if exemptions for attack signatures already exist and another one needs to be created, entering only the new signature overwrites the previous exemptions.

Example:
# config waf profile
    edit {Profile Name}
        # config signature
            set disabled-signature 50140001 50140002 50140003
        end
    end
Adding signature 50160002 by entering only the new ID:
# config waf profile
    edit {Profile Name}
        # config signature
            set disabled-signature 50160002
        end
    end
In this case the previous configuration will be overwritten and only the new entry will be exempted. The correct configuration is:
# config waf profile
    edit {Profile Name}
        # config signature
            set disabled-signature 50140001 50140002 50140003 50160002
        end
    end
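
One way to avoid the overwrite described in the note is to build the full list from the saved configuration before entering the command. The following is an added example, not Fortinet code: the profile names, the sample configuration and its layout, and the helper names current_disabled and merged_commands are all assumptions.

```python
# Constructed sample of a saved "config waf profile" section (assumed layout).
SAMPLE_CONFIG = """\
config waf profile
    edit "web-servers"
        config signature
            set disabled-signature 50140001 50140002 50140003
        end
    next
    edit "intranet"
        config signature
        end
    next
end
"""

def current_disabled(config_text, profile):
    """Return the signature IDs already disabled in `profile`, in order."""
    depth, in_profile, found, ids = 0, False, False, []
    for line in config_text.splitlines():
        words = line.split()
        if words[:1] == ["config"]:
            depth += 1
        elif words[:1] == ["end"]:
            depth -= 1
        elif words[:1] == ["edit"] and depth == 1:  # profile entries only
            in_profile = " ".join(words[1:]).strip('"') == profile
            found = found or in_profile
        elif in_profile and words[:2] == ["set", "disabled-signature"]:
            ids = [w.strip('"') for w in words[2:]]
    if not found:  # a mistyped name must not look like "no exemptions"
        raise LookupError(f"profile not found: {profile}")
    return ids

def merged_commands(config_text, profile, new_ids):
    """Build CLI lines that keep existing exemptions and add `new_ids`."""
    merged = current_disabled(config_text, profile)
    for sig in map(str, new_ids):
        if not sig.isdigit():
            raise ValueError(f"not a numeric signature ID: {sig!r}")
        if sig not in merged:
            merged.append(sig)
    return "\n".join([
        "config waf profile", f'    edit "{profile}"',
        "        config signature",
        "            set disabled-signature " + " ".join(merged),
        "        end", "    end"])

if __name__ == "__main__":
    print(merged_commands(SAMPLE_CONFIG, "web-servers", [50160002]))
```

Review the generated commands before pasting them into the CLI, and compare the resulting profile against the previous exemption list afterwards.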