# config ips sensor
    edit <sensor name>
        config entries
            edit <rule num>
                config exempt-ip
                    edit <exempt-ip-rule-id>
                        set src-ip <ip4mask>
                    next
                    edit <exempt-ip-rule-id-1>
                        set dst-ip <ip4mask>
                end
            next
        end
    next
end
date=2019-10-27 time=18:44:54 logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" eventtime=1572198294024252859 tz="+0100" severity="info" srcip=192.168.209.45 srccountry="Reserved" dstip=213.211.198.58 srcintf="port2" srcintfrole="undefined" dstintf="port1" dstintfrole="undefined" sessionid=8180 action="dropped" proto=6 service="HTTP" policyid=1 attack="Eicar.Virus.Test.File" srcport=41300 dstport=80 hostname="2016.eicar.org" url="/download/eicar.com" direction="incoming" attackid=29844 profile="protect_client" ref="http://www.fortinet.com/ids/VID29844" incidentserialno=1244883271 msg="file_transfer: Eicar.Virus.Test.File,"
For our host to be exempted, configure the following:
# config ips sensor
    edit <sensor_name>
        config entries
            edit 2
                set rule 29844
                set status enable
                set action block
                config exempt-ip
                    edit 1
                        set src-ip 213.211.198.58 255.255.255.255
                        set dst-ip 192.168.209.45 255.255.255.255
                    next
                end
            next
        end
    next
end
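The Python below is an added example, not part of the original article or Fortinet's code: it derives the exempt-ip entry from an IPS log line like the one above, validating the fields and, for direction="incoming", swapping the logged addresses as the article's configuration does. The function names are hypothetical, and treating direction="outgoing" as "use the addresses as logged" is an assumption the article does not show.

```python
import ipaddress
import re

# Log line from the article, trimmed to the fields the exemption depends on.
SAMPLE_LOG = ('type="utm" subtype="ips" srcip=192.168.209.45 dstip=213.211.198.58 '
              'action="dropped" attack="Eicar.Virus.Test.File" '
              'direction="incoming" attackid=29844')

def parse_log(line):
    """Parse FortiGate key=value pairs; values may be bare or double-quoted."""
    pairs = re.finditer(r'([\w-]+)=(?:"([^"]*)"|(\S*))', line)
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in pairs}

def exemption_addresses(fields):
    """Return (src-ip, dst-ip) for the exempt-ip rule, as strings."""
    src = ipaddress.IPv4Address(fields["srcip"])  # rejects anything but an IPv4 address
    dst = ipaddress.IPv4Address(fields["dstip"])
    direction = fields.get("direction")
    if direction == "incoming":
        # As in the article: the exemption uses the log's addresses swapped.
        return str(dst), str(src)
    if direction == "outgoing":
        # Assumption (not shown in the article): addresses are used as logged.
        return str(src), str(dst)
    raise ValueError(f"unsupported direction: {direction!r}")

def build_exemption(line, sensor="<sensor_name>", entry=2, exempt_id=1):
    """Render the exempt-ip stanza (flat CLI lines) for one IPS log line."""
    fields = parse_log(line)
    if fields.get("subtype") != "ips" or not fields.get("attackid", "").isdigit():
        raise ValueError("not an IPS signature log line")
    src, dst = exemption_addresses(fields)
    host = "255.255.255.255"  # host mask: exempt only this pair of addresses
    lines = ["config ips sensor", f"edit {sensor}", "config entries", f"edit {entry}",
             f"set rule {fields['attackid']}", "set status enable", "set action block",
             "config exempt-ip", f"edit {exempt_id}",
             f"set src-ip {src} {host}", f"set dst-ip {dst} {host}",
             "next", "end", "next", "end", "next", "end"]
    return "\n".join(lines)

if __name__ == "__main__":
    print(build_exemption(SAMPLE_LOG))
```
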