Allow List
FortiCWP enables users to create allow lists to prevent application system internal IPs from triggering suspicious movement policies, thus eliminating false positive alerts.
There are two steps involved in creating allow lists for internal IPs. The targeted IPs needed to be created in IP collection first in order to create white lists for the internal IPs.
Create IP Collection
- Go to Administrator > Collection.
- In IP pane, click add button.
- Enter a name for the IP in Name field.
- Click on Please enter ip field, and enter the internal IP, then click add button.
- Click save button to complete saving the IP.
Create Allow list
- Go to Administrator > Allow List.
- Click Add new record in allow list.
- Click Please select IP Collections in IP Collection field to select the IP Collection created earlier.
- Click Please select Polices field in Policy field to select a policy, e.g. suspicious movement policy will mark the IP collection as IPs that will not be triggered by the policy.
- Give the Allow list a name in Name field.
- Click Submit button to complete adding the Allow list.