Scribd
Upload
14 views

FORTIGATE Technical Tip_ Whitelist IP addresses and URLs usi... - Fortinet Community

This technical tip provides a step-by-step guide for whitelisting IP addresses and URLs using FortiGate firewall policies. It outlines the process of creating address objects, configuring firewall policies, and ensuring proper logging and NAT settings. The article emphasizes the importance of moving the new policy to the top of the list to ensure it is applied correctly.

Uploaded by

jdsinkpon
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
14 views

FORTIGATE Technical Tip_ Whitelist IP addresses and URLs usi... - Fortinet Community

This technical tip provides a step-by-step guide for whitelisting IP addresses and URLs using FortiGate firewall policies. It outlines the process of creating address objects, configuring firewall policies, and ensuring proper logging and NAT settings. The article emphasizes the importance of moving the new policy to the top of the list to ensure it is applied correctly.

Uploaded by

jdsinkpon
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 9

16/05/2025 11:20 Technical Tip: Whitelist IP addresses and URLs usi...

- Fortinet Community

Fortinet Community > Knowledge Base > FortiGate


> Technical Tip: Whitelist IP addresses and URLs usi...

Cayazo Staff

Created on ‎08-22-2024 05:09 AM Edited on ‎01-13-2025 11:45 PM By Anthony_E

Article Id 335345
Technical Tip: Whitelist IP addresses and URLs using firewall policies

Description This article describes how to create a rule to whitelist or bypass traffic that is requir
be inspected, namely by using an object group to easily populate the list in the GUI
Scope FortiGate.

https://community.fortinet.com/t5/tkb/articleprintpage/tkb-id/TKB20/article-id/9309 1/9
16/05/2025 11:20 Technical Tip: Whitelist IP addresses and URLs usi... - Fortinet Community

Solution 1. Go to Policy & Object -> Addresses:

2. Choose the tab 'Address Group':

3. Create new objects: one for IP addresses and one for URLs:

https://community.fortinet.com/t5/tkb/articleprintpage/tkb-id/TKB20/article-id/9309 2/9
16/05/2025 11:20 Technical Tip: Whitelist IP addresses and URLs usi... - Fortinet Community

4. Go to Policy & Object -> Firewall Policy:

https://community.fortinet.com/t5/tkb/articleprintpage/tkb-id/TKB20/article-id/9309 3/9
16/05/2025 11:20 Technical Tip: Whitelist IP addresses and URLs usi... - Fortinet Community

5. Create a new policy, and choose the LAN interface as a source, and set the
destination to the WAN or SD-WAN interface:

6. Choose the newly added object groups as the Source:

https://community.fortinet.com/t5/tkb/articleprintpage/tkb-id/TKB20/article-id/9309 4/9
16/05/2025 11:20 Technical Tip: Whitelist IP addresses and URLs usi... - Fortinet Community

7. Since the traffic will be forwarded to the Internet, enable Network Address Tra
(NAT). To 'whitelist' or bypass the traffic the Security Profiles must be deactiva
'no-inspection' for 'SSL Inspection:

8. In the logging section, for monitoring purposes, the option to be chosen is "Al
sessions", since 'Security Events' will only log Security (UTM) events (e.g. AV
firewall web filter) that are currently disabled.

https://community.fortinet.com/t5/tkb/articleprintpage/tkb-id/TKB20/article-id/9309 5/9
16/05/2025 11:20 Technical Tip: Whitelist IP addresses and URLs usi... - Fortinet Community

Once the traffic is confirmed to be matching the policy, the logging can be disabled

9. Save the new policy.


10. It is necessary to move the firewall policy to the top to avoid matching all the o
firewall policies:

11. Now that the firewall policy is in place, edit the object group to add the IP add
URLs:

12. In the section 'Select Entries', choose the option to add a new object, then ch
address:

https://community.fortinet.com/t5/tkb/articleprintpage/tkb-id/TKB20/article-id/9309 6/9
16/05/2025 11:20 Technical Tip: Whitelist IP addresses and URLs usi... - Fortinet Community

13. For URLs, change the type to 'FQDN' and input the URL desired. Adding a wi
supported, but it is recommended to make sure that the DNS settings are pro
in order to populate the DNS resolutions to the FQDN objects properly.

14. For IP addresses, choose the type 'Subnet'. This type supports subnets and s
IP addresses. To add a specific range of IP addresses, use the type 'IP Range

https://community.fortinet.com/t5/tkb/articleprintpage/tkb-id/TKB20/article-id/9309 7/9
16/05/2025 11:20 Technical Tip: Whitelist IP addresses and URLs usi... - Fortinet Community

15. Observe the new address object, added to the whitelist object group:

16. Save the configuration once all of the object addresses are added, and confir
configuration by hovering the mouse over the whitelist objects:

To confirm that the whitelist policy is matched, may utilize the 'Policy Lookup'
f t T h i l Ti Fi ll li l k

11760
https://community.fortinet.com/t5/tkb/articleprintpage/tkb-id/TKB20/article-id/9309 8/9
16/05/2025 11:20 Technical Tip: Whitelist IP addresses and URLs usi... - Fortinet Community

 9 Kudos

Article Feedback

Comments

lpedraza
Staff
‎08-22-2024 10:43 AM

Geat article @Carlos !!! Congratulations and thank you so much for your contribution!

https://community.fortinet.com/t5/tkb/articleprintpage/tkb-id/TKB20/article-id/9309 9/9

You might also like