In this step-by-step guide you’ll learn how to whitelist an external IP Address or multiple IP Addresses in FortiGate Firewall.
Sometimes there is a need to whitelist an external IP address on a FortiGate/FortiGuard firewall for a special purpose. To accomplish this task, you will need to create an Address object for the external IP that you want to allow and then create an IPv4 Policy to allow traffic from that IP address.
How to Whitelist an External IP Address or Multiple IP Addresses in FortiGate Firewall.
To allow the traffic from an external IP Address or addresses on the FortiGate Firewall, follow the steps below.
Step 1: Create an Address Object In FortiGate.
To whitelist one or more external IP addresses on the FortiGate, you must first create separate Address objects with the details of each IP you wish to allow.
To create an Address object in FortiGate/FortiGuard:
1. Log in to the FortiGate web interface.
2. Navigate to Policy & Objects > Addresses and click Create New > Address
3. Now fill in the details in “New Address” as follows:
- Name: Type a name for the address object (e.g., “Whitelist IP No1”).
- Type: Subnet
- IP/Netmask: Enter the IP address you want to whitelist (e.g., “81.82.83.165/32”).*
* Note: The “/32” suffix indicates that the object covers just that one IP.
- Interface: Select the interface where the IP will be coming from (e.g., “wan” or “any”).
4. Click OK when done.
5. Now, depending on what you want to do, proceed as instructed below:
- If you want to whitelist only one external IP address in FortiGate, skip to Step 2 below.
- If you want to whitelist more than one external IP address, repeat the above steps to create a new Address object for each IP you want to allow, then create an Address Group* containing all of those addresses as instructed below. Then proceed to Step 2.
To create an Address Group in FortiGate:
a. Navigate to Policy & Objects > Addresses and click Create New > Address Group
b. In the “New Address Group”, do the following:
- Name: Type a name for the address group (e.g., “Whitelist IP Addresses”).
- Members: Click the “+” symbol and add, one by one, the Address objects you created for the whitelisted IPs.
c. Click OK when done, and continue to next step.
Step 2: Create a new Policy object to Allow Traffic from the Whitelisted IP(s).
After creating the Address object(s) for the IP(s) you want to whitelist in FortiGate Firewall, proceed to create a new IPv4 Policy to allow the traffic from them. To do that:
1. Navigate to Policy & Objects > IPv4 Policy and click Create New.
2. In “Edit Policy” fill in the details as follows:
- Name: Give a name to the new policy (e.g., “Whitelist IP Policy”).
- Incoming Interface: Select the external interface where the traffic will come from (e.g., “wan2”).
- Outgoing Interface: Select the interface where the traffic will go to (e.g., “LAN”).
- Source: Click the “+” symbol and add the Address object you created earlier (e.g., “Whitelist IP No1”), or the Address Group you created (e.g. “Whitelist IP Addresses”)
- Destination: Click + and select all or specify particular destinations if required.
- Schedule: Click + and select always or specify a schedule if needed.
- Service: Click + and select ALL, or specify particular services if you want.
- Action: Set to Accept.
3. Leave all other options at their default settings or change them according to your needs, and click OK when done to save the policy.
4. Finally, drag the newly created policy to the top of the list to ensure it gets processed first.
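The same two steps (the Address objects and Address Group from Step 1, and the allow policy from Step 2) can be done from the FortiOS CLI, which is handy when you need to repeat the change on several units or keep it in version control. The block below is an added example, not a configuration taken from this guide or from Fortinet; the interface names (“wan2”, “lan”), the second sample IP, and the policy ID used in the final `move` command are assumptions and should be replaced with the values from your own unit. It also turns on traffic logging for the new policy, which the GUI steps above leave at the default, so that hits from the whitelisted IP can be reviewed later.

```fortios
# Step 1: one Address object per whitelisted external IP.
# "set subnet x.x.x.x 255.255.255.255" is the CLI form of "x.x.x.x/32" (a single host).
config firewall address
    edit "Whitelist IP No1"
        set type ipmask
        set subnet 81.82.83.165 255.255.255.255
        set associated-interface "wan2"
        set comment "Whitelisted external host (example value from the guide)"
    next
    edit "Whitelist IP No2"
        set type ipmask
        set subnet 203.0.113.10 255.255.255.255
        set associated-interface "wan2"
        set comment "Second whitelisted host (constructed sample value)"
    next
end

# Step 1 (optional): group the objects so the policy references one name.
config firewall addrgrp
    edit "Whitelist IP Addresses"
        set member "Whitelist IP No1" "Whitelist IP No2"
    next
end

# Step 2: the allow policy. "edit 0" creates a new policy with the next free ID.
# Source is the group (or a single object); Service ALL matches the guide, but
# narrowing it to the services actually needed (e.g. "HTTPS") is safer in practice.
config firewall policy
    edit 0
        set name "Whitelist IP Policy"
        set srcintf "wan2"
        set dstintf "lan"
        set srcaddr "Whitelist IP Addresses"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set comments "Allow inbound traffic from whitelisted external IPs"
    next
end

# Step 2, item 4: move the new policy to the top so it is evaluated first.
# Run "show firewall policy" first to find the ID assigned by "edit 0";
# the IDs 7 and 1 below are placeholders.
config firewall policy
    move 7 before 1
end
```

After applying, `show firewall policy` confirms the final order and IDs. The `associated-interface` setting mirrors the “Interface” field of the GUI form; leaving it unset is the CLI equivalent of choosing “any”.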
That’s it! Let me know if this guide has helped you by leaving your comment about your experience. Please like and share this guide to help others.