This article describes how to remove legitimate IPs from the block list in FortiWeb Cloud.
Scope
FortiWeb Cloud.
Solution
A new feature has been introduced that adds a Load Balancer(LB) in front of the FortiWeb Cloud. When IPs are considered malicious by FortiWeb Cloud applications, a FortiWeb Cloud script will update the LB in front of the cloud to block certain IPs.
If certain IPs are being blocked on the LB, they will be seen under FortiView > Blocked IPs with Block Reason (Threat Intelligence).
To whitelist an IP on the LB, simply select the trash can under the Action for this FortiView Clocked IP list.
This will only allow the LB to forward the previously blocked traffic to the FortiWeb Cloud.
Now that the FortiWeb Cloud is receiving the previously blocked traffic by the LB. The Cloud will process the traffic and use the security policies configured to allow/block traffic.
If this traffic starts to be blocked by the FortiWeb Cloud, to whitelist this IP on the cloud, configure Access Rules > IP Protection > IP List -> Trust IP for the desired IPs.
In this scenario, the LB was blocking the traffic and the first solution was required (If certain IPs are being blocked on the LB, this will be seen under FortiView > Blocked IPs with Block Reason (Threat Intelligence).
To whitelist the IP on the LB, simply select the trash can under the Action section for this list.
Note: One of the rules is that if an IP occurs to be blocked multiple times in under 24 hours, it will be …
Example: Same IP
1st time: 10 minutes
2nd time: 30 minutes
3rd time: 50 minutes
