Hot!Whitelisting on IP Address

Author
SebastiaanR
New Member
  • Total Posts : 4
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/05/30 03:47:09
  • Status: offline
2020/05/30 03:59:10 (permalink)
0

Whitelisting on IP Address

Hi Community
 
I'm hoping someone can point me in the right direction on how to add an IP address to a whitelist.
I have a FortiGate VM64 v6.2.3 build1066 (GA) appliance deployed in Azure. This is my first ever FG deployment, and I have to note two things:
 
1. The overall configuration and setup is really straight forward and intuitive. I was pleasantly surprised.
 
2. (and this is where I need some help) I'm getting an error when I access an internal web app using the IP and on an obscure port, with the error that the page has been blocked because it's in violation of my internet access policy. Great, it works, BUT I do need to access this.
 
The application is access by IP, in this case the public IP of the appliance in Azure. I had a look everywhere in the console if there is a way to add that external IP to a whitelist to not be managed by the FortiGuard, but all I am able to add are domains/domain names. In short, I need to whitelist the public IP assigned to the Azure appliance on various ports.
 
As a work-around to ensure operation, I've configured the web filter in monitoring mode, but this is obviously not ideal.
 
I've attached a SS of the error for what its worth.
 
TIA

Attached Image(s)

#1

4 Replies Related Threads

    lobstercreed
    Gold Member
    • Total Posts : 229
    • Scores: 25
    • Reward points: 0
    • Joined: 2018/11/28 14:57:58
    • Location: Sedalia, MO
    • Status: offline
    Re: Whitelisting on IP Address 2020/05/30 15:21:31 (permalink)
    0
    I will say that I don't *think* this is possible (I've never had need to try). If I'm correct, there is an easy workaround...
     
    Create an additional rule above the rule you're hitting that only matches this traffic with simply no web filter profile attached to it.
    #2
    Toshi Esumi
    Expert Member
    • Total Posts : 2160
    • Scores: 208
    • Reward points: 0
    • Joined: 2014/11/06 09:56:42
    • Status: offline
    Re: Whitelisting on IP Address 2020/05/30 19:53:33 (permalink)
    0
    I also recommend a new policy allowing the address and the port(s) specified, then place is above the current blocking policy like lobstercreed suggested. You might call it "whitelist". Generally terms "whitelist/blacklist" are used in the context of webfiltering only though.
    But the error you're seeing is because your webfiltering profile has category filtering enabled, and in the filtering, "Unrated" category is blocked. You might be using a default profile like "g-default". Those pre-defined ones almost never work in case if you really want to use webfiltering feature. I would suggest create a new one and set it as you need and allow "Unrated" like http://(IP_Address)/... not to be blocked.
    #3
    sw2090
    Platinum Member
    • Total Posts : 678
    • Scores: 42
    • Reward points: 0
    • Joined: 2017/06/14 01:27:25
    • Location: Regensburg
    • Status: offline
    Re: Whitelisting on IP Address 2020/06/02 03:07:01 (permalink)
    0
    there is several ways:
     
    - create a rating override to a cathegory allowed in your filter profile
    - create a url filter exempt entry the allow this url
    - basicall allow unrated urls in you filter profile (not recommended of course)
     
    #4
    SebastiaanR
    New Member
    • Total Posts : 4
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/05/30 03:47:09
    • Status: offline
    Re: Whitelisting on IP Address 2020/06/04 05:44:25 (permalink)
    0
    Thanks for all the suggestions, I'll be tinkering away and get it sorted.
    #5
    Jump to:
    © 2020 APG vNext Commercial Version 5.5