Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
acenyc
New Contributor

Help adding IP addresses to whitelist of Fortigate 200D and Fortigate 60D

I work at a small non profit in New York City. Our network administrator was in a bad accident. I have been asked to help out until a replacement can be found. I have no experience with firewall administration. I need to add IP addresses to the whitelist of  a Fortigate 200D and a Fortigate 60D. Where on the interface do I add these IP addresses. 

Thank you very much.

15 REPLIES 15
EMES
Contributor

There is no interface whitelist, It can be in security policy or your web filtering profiles. Are you trying to allow an internal IP bypass the filtering on the firewall?

MikePruett
Valued Contributor

Going to need more information.

 

- Does the Gate already exist in the environment?

- Are you trying to allow traffic outbound?

- Are you trying to allow traffic inbound?

- What services or type of traffic are you wanting to allow?

Mike Pruett Fortinet GURU | Fortinet Training Videos
rwpatterson
Valued Contributor III

Take a backup of the configuration without encryption. In a text editor, look for an entry that you know is already whitelisted. In that section, the top will start with "config...." Get us that section (command), then we will be able to tell you more (if you cannot figure it out from there).

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
acenyc

rwpatterson wrote:

Take a backup of the configuration without encryption. In a text editor, look for an entry that you know is already whitelisted. In that section, the top will start with "config...." Get us that section (command), then we will be able to tell you more (if you cannot figure it out from there).

Unfortunately, I do not know how to do any of the things you are asking me to do. I will try to find out how to do these things from the manual.

rwpatterson
Valued Contributor III

From the console, one of the widgets should have a link to back up the device.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
amanjotsingh_FTNT

Please follow the following Steps 

1) you need to Create address for the IP address you wanted to Whitelisted , To do that please do the following

a) First go to policy & object

b) Click on addresses

c) Click Create new -> Address 

d) Name the address like " google " 

e) Under Subnet/ Ip range put the Ip address which you want to Whitelist 

f) Save it

You can create group of address as well but first you need to create all the address you wanted to whitelist

Then follow all the steps till (b) and click group instead address 

Add all the address you created for white list to that group 

 

2) Secondly, Under Policy & Object 

a) Right click on the first policy you see

b) Click on insert -> Above ( This will insert the new policy on top )

c) Click on the New policy and edit it.

d) Click on Incoming interface from where the traffic is coming ( In case if the traffic is going out it can be LAN or any internal port)

e) Click on outgoing interface ( It can be WAN interface )

d) Click on source ( you can put all if you are allowing Everyone) 

e) Click on destination ( Use the address you created  for whitelist or the whole group of address you created above)

 

Thanks

Amanjot Singh ( TAC )

acenyc
New Contributor

Yes, if I understand this correctly, I have to allow two incoming IP addresses and one outgoing IP address. I see the list in web filtering.  I have the manual and I will watch some videos. Thank You for your assistance.

acenyc
New Contributor

Thank you for your assistance. As I said before, I'm just filling in until my organization hires someone that is  qualified to administer this system. I have to allow two inbound IP addresses and allow one outbound IP address. I have included a screen shot of the web filter list of the 200D unit. What is it that determines if the IP address is inbound or outbound?

Thank you.

acenyc
New Contributor

Thank you, Amanjot Singh. I will follow these instructions when I get to work on Tuesday. I still don't understand how to determine if an IP address is inbound, or outbound. 

 

 

 

 

 

 

Labels
Top Kudoed Authors