Posted on 2013-05-10
We are using fortinet firewalls and have enabled the ips service. We are trying to setup rules that drop all traffic from certain ip addresses, to keep them for alerting in IPS. We also want a whitelist of known good ip addresses, so the IPS doesn't stop them. We have tried creating a policy for a blacklist and whitelist and doing a deny or allow for the ip we want. It is still alerting us on ip addresses we know are bad, and it still blocks the ip addresses that we know are good. Is there anyway to do this with fortinets?