FortiCWP enables users to create allow lists to prevent application system internal IPs from triggering suspicious movement policies, thus eliminating false positive alerts.
Creating an allow list for internal IPs takes two steps: first add the targeted IPs to an IP collection, then create the allow list that uses that collection.
- Go to ADMIN > Collection.
- Click the +Create New button in IP Collection.
- In the IP Collection Name field, enter a name for the IP collection. For example, "John IP".
- Fill in the IP address. For example, enter "73.63.218.XX", click the Mask or End IP drop-down menu and select Mask, then fill in "24".
- Click +Add New to add more IP addresses. (Optional)
- Click on Create New IP Collection to complete adding the new IP Collection.
- Go to ADMIN > Allowlist.
- Click +Create New.
- Fill in a name in Allowlist Name.
- Click the Associate with IP Collection drop-down menu and select the IP collection created earlier.
- Click the Associate with Applicable Policy drop-down menu and select a policy. For example, selecting the suspicious movement policy marks the IPs in the collection as IPs that will not trigger that policy.
- Click the Create New Allowlist button to complete adding the allow list.
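
Because every address in the collection stops triggering the associated policy, it helps to check what a Mask or End IP entry actually covers before creating it. The following pre-check is an added example, not FortiCWP code, and it calls no FortiCWP API. The function names, the RFC 1918 definition of "internal", the 1024-address threshold, the assumption that host bits under the mask are ignored, and the sample entries are all assumptions of this example.

```python
import ipaddress

# "Internal" is taken to mean RFC 1918 space (an assumption of this example).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def covered_networks(start, mask=None, end_ip=None):
    """Networks covered by one IPv4 entry given as start+Mask or start+End IP."""
    if (mask is None) == (end_ip is None):
        raise ValueError("give exactly one of mask or end_ip")
    if mask is not None:
        # Assumption: host bits are ignored, so 10.20.30.7 with mask 24
        # is treated as 10.20.30.0 - 10.20.30.255.
        return [ipaddress.IPv4Network(f"{start}/{mask}", strict=False)]
    first = ipaddress.IPv4Address(start)
    last = ipaddress.IPv4Address(end_ip)
    if last < first:
        raise ValueError("End IP is lower than the start IP")
    return list(ipaddress.summarize_address_range(first, last))


def review_entry(start, mask=None, end_ip=None, max_addresses=1024):
    """Summarise what an entry would exempt and flag risky entries."""
    nets = covered_networks(start, mask, end_ip)
    count = sum(n.num_addresses for n in nets)
    internal = all(any(n.subnet_of(r) for r in RFC1918) for n in nets)
    warnings = []
    if not internal:
        warnings.append("range is not entirely RFC 1918 internal space")
    if count > max_addresses:
        warnings.append(f"range covers {count} addresses (> {max_addresses})")
    return {"first": str(nets[0][0]), "last": str(nets[-1][-1]),
            "count": count, "internal": internal, "warnings": warnings}


if __name__ == "__main__":
    # Constructed sample entries, not taken from the page.
    planned = [
        {"start": "10.20.30.7", "mask": 24},
        {"start": "192.168.1.10", "end_ip": "192.168.1.50"},
        {"start": "203.0.113.0", "mask": 24},
        {"start": "10.0.0.0", "mask": 8},
    ]
    for entry in planned:
        print(entry, "->", review_entry(**entry))
```

An entry that returns warnings deserves a second look before it is associated with a policy, since a public or very wide range suppresses alerts for far more than the intended hosts.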