FortiWeb
A FortiWeb can be configured to join a Security Fabric through the root or downstream FortiGate.
mattchow_FTNT
Article Id 190403
Description
This article describes restriction on adding signatures exception rules.

Solution
To configure signatures exception rules in attack log, go to Log&Report -> Log Access -> Attack log
Select an attack for which it is required to create an exception
In the window that populates to the right, click the Message information and select Add Exception as illustrated below:
Then, click on 'Add Exception', there is no drop down menu on 'Signature Policy Name' as below, but the rule is required policy name and mandatory.


That is simply because policy is using pre-defined signature set.

The following are steps to fix the issue:

1) Go to Web Protection -> Known Attacks -> Signatures
For example, 'High Level Security is being used and it is required to have same security level as this signature, right lick and select 'Clone'


2) Avoid same name than pre-defined signature policy.

3) Go to Policy -> Web Protection Profile
Create a new Web Protection Profile for signature policy as well, select the signature policy created earlier


4) Then, go to Policy -> Server Policy
Edit the related server policy and select the Web Protection Profile created earlier.


5) Then it will be possible to select the Signature Policy Name.


Contributors