Because FortiWeb evaluates trusted and blacklisted IP policies before many other techniques, defining these IP addresses can improve performance.
| Variable | Description | Default |
|---|---|---|
| `<ip-list_name>` | Type the name of a new or existing rule. The maximum length is 35 characters. To display the list of existing rules, type: `edit ?` | No default. |
| `<entry_index>` | Type the index number of the individual entry in the table. The valid range is from 1 to 9,999,999,999,999,999,999. | No default. |
| `ip <client_ip>` | Enter one of the following values:<br>• A single IP address that a client source IP must match, such as a trusted private network IP address (e.g. an administrator's computer, 172.16.1.20).<br>• A range of addresses (for example, 172.22.14.1-172.22.14.255 or 10:200::10:1-10:200:10:100). | No default. |
| `type {trust-ip \| black-ip}` | Select either:<br>• `trust-ip` — The source IP address is trusted and allowed to access your web servers, unless it fails a previous scan (see "debug flow trace").<br>• `black-ip` — The source IP address is distrusted and permanently blocked (blacklisted) from accessing your web servers, even if it would normally pass all other scans.<br>Note: If multiple clients share the same source IP address, such as when a group of clients is behind a firewall or router performing network address translation (NAT), blacklisting the source IP address could block innocent clients that share that source IP address with an offending client. | `trust-ip` |
| `severity {Low \| Medium \| High}` | When rule violations are recorded in the attack log, each log message contains a Severity Level (`severity_level`) field. Select which severity level the FortiWeb appliance will use when a blacklisted IP address attempts to connect to your web servers:<br>• Low<br>• Medium<br>• High | No default. |
| `trigger-policy <trigger-policy_name>` | Select which trigger, if any, the FortiWeb appliance will use when it logs and/or sends an alert email about a blacklisted IP address's attempt to connect to your web servers (see "config log trigger-policy"). The maximum length is 35 characters. To display the list of existing trigger policies, type: `set trigger ?` | No default. |
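As an added example (not taken from this reference page), the variables above combined into one IP list that trusts a single administrator host and blacklists an address range, with logging only on the blacklisted entry. The enclosing command names `config waf ip-list` and the `members` sub-table, the list name `office-ip-list` and the trigger policy name `notify-soc` are assumed here, not stated on this page; lines starting with `#` are annotations, not CLI input.

```text
config waf ip-list
  edit "office-ip-list"
    config members
      # Entry 1: the administrator's workstation (single-address form of <client_ip>).
      # trust-ip only bypasses later scans; a scan that runs earlier can still block it.
      edit 1
        set ip 172.16.1.20
        set type trust-ip
      next
      # Entry 2: a range in the start-end form of <client_ip>.
      # black-ip blocks these sources even when every other scan would pass,
      # so do not list a NAT gateway address that many innocent clients share.
      # severity and trigger-policy only matter for blacklisted entries, since
      # that is when the appliance logs an attempted connection.
      edit 2
        set ip 172.22.14.1-172.22.14.255
        set type black-ip
        set severity High
        set trigger-policy "notify-soc"
      next
    end
  next
end
```

Before blacklisting a range, confirm from the attack log which source addresses were actually offending; the range form applies to every address in it, not only the ones that triggered a violation.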