Fortinet black logo

CLI Reference

Home FortiWeb 7.4.2 CLI Reference
7.4.2
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.8
7.0.7
7.0.6
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.3
6.4.2
6.4.1
6.4.0
6.3.23
6.3.19
6.3.18
6.3.17
6.3.16
6.3.15
6.3.14
6.3.13
6.3.11
6.3.10
6.3.9
6.3.7
6.3.6
6.3.5
6.3.4
6.3.3
6.3.2
6.3.1
6.3.0
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.1
6.2.0
6.1.2
6.1.1
5.7.0
5.6.1
5.6.0

waf ip-intelligence-exception

waf ip-intelligence-exception

Use this command to exempt IP addresses from reputation-based blocking. The settings apply globally, to all policies that use this feature.

To use this command, your administrator account’s access control profile must have either w or rw permission to the wafgrp area. For details, see Permissions.

Syntax

config waf ip-intelligence-exception

edit <entry_index>

set status {enable | disable}

set group-type {ip-string | ip-group}

set ip-group <name>

set ip "<client_ipv4>"

next

end

Variable Description Default

<entry_index>

 Enter the index number of the individual entry in the table entry in the table. The valid range is 1–9,999,999,999,999,999,999. No default.

status {enable | disable}

 Enable to exempt clients from IP reputation-based blocking. disable

group-type {ip-string | ip-group}

Select ip-string to enter IP addresses or ranges, or ip-group to reference the IP groups you have created through config server-policy ip-group.

ip-string

ip "<client_ipv4>"

Enter the client’s source IP address.

Available only when the group-type is ip-string.

 No default.

ip-group <name>

If you have selected ip-group for group-type, then specify the IP Group you have created through config server-policy ip-group. By using the IP group, you can save the effort to type the IP addresses every time you need to re-use them.

Available only when the group-type is ip-group.

No default.

Example

See waf ip-intelligence-ignore-x-forwarded-for.

Related topics

Previous
Next

waf ip-intelligence-exception

Use this command to exempt IP addresses from reputation-based blocking. The settings apply globally, to all policies that use this feature.

To use this command, your administrator account’s access control profile must have either w or rw permission to the wafgrp area. For details, see Permissions.

Syntax

config waf ip-intelligence-exception

edit <entry_index>

set status {enable | disable}

set group-type {ip-string | ip-group}

set ip-group <name>

set ip "<client_ipv4>"

next

end

Variable Description Default

<entry_index>

 Enter the index number of the individual entry in the table entry in the table. The valid range is 1–9,999,999,999,999,999,999. No default.

status {enable | disable}

 Enable to exempt clients from IP reputation-based blocking. disable

group-type {ip-string | ip-group}

Select ip-string to enter IP addresses or ranges, or ip-group to reference the IP groups you have created through config server-policy ip-group.

ip-string

ip "<client_ipv4>"

Enter the client’s source IP address.

Available only when the group-type is ip-string.

 No default.

ip-group <name>

If you have selected ip-group for group-type, then specify the IP Group you have created through config server-policy ip-group. By using the IP group, you can save the effort to type the IP addresses every time you need to re-use them.

Available only when the group-type is ip-group.

No default.

Example

See waf ip-intelligence-ignore-x-forwarded-for.

Related topics

Previous
Next